Sapporo Holdings investigates cyberattack on overseas subsidiaries
Japanese beverage group Sapporo Holdings disclosed suspected unauthorised access at its overseas subsidiaries Pokka in Singapore and Sleeman Breweries in Canada, shutting down affected systems to investigate.
- Victim: Sapporo Holdings
On 30 June 2026, Sapporo Holdings — the Tokyo-based beverage group behind the Sapporo and Yebisu beer brands — disclosed that it was investigating suspected unauthorised access affecting two of its overseas subsidiaries: the Singapore-based food and beverage company Pokka and the Canadian brewer Sleeman Breweries. The disclosure came amid a broader wave of cyberattacks striking major Japanese companies in late June and early July 2026.
Sapporo said it had detected suspicious network activity indicative of a possible cyberattack and had shut down the affected systems as a precaution while it investigates. As of its initial disclosure, the company said it had not confirmed whether any data was stolen and had found no impact on its domestic operations in Japan.
What is known
The incident is still under investigation and details remain limited. Sapporo has not named a threat actor, has not confirmed the nature of the intrusion, and has not released additional information since its initial statement. What is notable is the pattern: rather than breaching the parent company's core corporate network in Japan, the attackers reached Sapporo through its overseas business units — Pokka in Singapore and Sleeman in Canada.
Part of a wider wave
Sapporo's disclosure landed within days of a cluster of cyber incidents at other major Japanese organisations, including insurer Aflac Japan, manufacturer Nidec, and telecom KDDI. Security analysts have highlighted a common thread across these events: attackers increasingly target subsidiaries, shared services, overseas units, and technology partners rather than attempting to breach a well-defended primary corporate network head-on.
Why it matters
For a multinational group like Sapporo, an intrusion at a foreign subsidiary is not a peripheral problem — subsidiaries often share identity systems, network trust, and data flows with the parent. The episode is a reminder that a group's security posture is only as strong as its most exposed business unit, and that visibility into the security of overseas operations is essential to containing an incident before it spreads to the core.
Sources
- therecord.media: https://therecord.media/japan-cyber-breaches-aflac-sapporo-nidec-kddi
- s-rminform.com: https://www.s-rminform.com/cyber-intelligence-briefing/japan-ransomware-attacks-3-july-2026
- thecyberexpress.com: https://thecyberexpress.com/japan-cyberattacks-expose-hidden-risks/