Asahi Group Holdings, Japan’s largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals.
The type of data compromised in the attack includes full names, genders, physical addresses, phone numbers, and email addresses, and could be used in phishing attempts.
The incident was first disclosed on September 29, when the company was forced to suspend production and shipping operations due to a cyberattack.
At the time, Asahi stated that it saw no evidence of customer data having been accessed by unauthorized actors. A few days later, though, the company confirmed that it suffered a ransomware attack and that data had been stolen.
The disclosure was followed by Qilin ransomware claiming the intrusion and alleging to have 27GB of data from Asahi. The hackers published samples of exfiltrated files on their data leak site to prove their claims.
A press release from the company Asahi states that the following categories of individuals have been impacted:
1,525,000 customers who contacted Asahi’s customer service centers (Breweries, Drinks, Foods).
114,000 external contacts who received congratulatory or condolence telegrams from Asahi.
107,000 current and retired employees and 168,000 family members of those employees.
Asahi notes that the types of data exposed vary per category. For customers, it may include name, gender, physical and email address, and phone number; but for employees, it may also include dates of birth and gender.
... continue reading