Asahi Group Holdings Qilin ransomware (2025)
Qilin ransomware operators encrypted servers across Asahi's Japanese data centres, halting ordering, shipment, and production at 30 factories, leaking 27 GB of internal data, and exposing personal information of approximately 1.5 million customers, employees, and contacts.
- Victim
- Asahi Group Holdings
- Loss
- $31.4M
- records
- 1.5M
- users
- 1.5M
In late September 2025, Asahi Group Holdings β the Japanese brewing and food giant behind Asahi Super Dry, Peroni, and Pilsner Urquell β disclosed a "system failure caused by a cyberattack" that halted ordering and shipment of beer across Japan. The attackers, the Qilin ransomware crew, had encrypted servers across Asahi's domestic data centres.
What happened
The intrusion paralysed the central systems that route orders from Asahi's distributors, schedule shipments, and coordinate production planning across 30 Japanese factories. With ordering and dispatch offline, even fully-stocked breweries could not get product onto trucks. The shortage spread to convenience stores, izakayas, and supermarkets nationwide within days.
Asahi managed to bring beer production back up partially within a week using manual workarounds, but distribution remained severely degraded for the rest of October. Qilin later claimed on its leak site that it had exfiltrated roughly 27 GB of internal data, and Asahi subsequently confirmed that personal information of approximately 1.5 million customers, employees, and external contacts was compromised.
Impact
- 30 Japanese factories affected; ordering and shipping paralysed for over a week.
- Estimated lost revenue: Β₯5 billion (~$31.4 million USD).
- Domestic beverage and food sales down 10β40% year-on-year in October 2025.
- ~1.5 million people had personal information exposed.
- Triggered an across-the-board cybersecurity programme overhaul announced by Asahi management.
Why it matters
Japan's largest brewer was knocked offline not because brewing itself depends on the internet, but because everything between brewing and the shelf does. Order entry, dispatch routing, and ERP-integrated logistics are the soft underbelly of consumer-goods manufacturing β and Qilin demonstrated, very publicly, that you do not need to attack a control system to halt a factory.
Financial impact
Reported costs in USD
- Business loss$31.4M
Timeline
Asahi reports a 'system failure caused by a cyberattack' that paralyses ordering and shipping of beer across Japan.
Beer production resumes in part of Japan; distribution problems and shortages persist nationwide.
Asahi's domestic beverage and food divisions report a 10β40% sales decline versus the previous year.
Qilin ransomware group claims responsibility on its leak site, asserting it exfiltrated approximately 27 GB of internal data.
Asahi confirms personal information of approximately 1.5 million customers, employees, and external contacts was compromised; announces a major cybersecurity overhaul.
Sources
- infosecurity-magazine.comhttps://www.infosecurity-magazine.com/news/asahi-15-million-customers/
- bitdefender.comhttps://www.bitdefender.com/en-us/blog/hotforsecurity/asahi-cyber-attack-spirals-into-massive-data-breach-impacting-almost-2-million-people
- cyberinsider.comhttps://cyberinsider.com/asahi-says-qilin-ransomware-attack-exposed-data-of-1-5-million-people/
- foodingredientsfirst.comhttps://www.foodingredientsfirst.com/news/asahi-cyberattack-food-ransomware-crisis.html