Asahi Group Holdings Ltd. is weighing the creation of a dedicated cybersecurity unit as it continues to deal with the prolonged impact of a ransomware incident that struck the company in late September. The Asahi cyberattack disrupted core operations, delayed financial reporting, and exposed vulnerabilities in both the company’s internal systems and Japan’s broader corporate cyber defenses.
The cyberattack on Asahi occurred on September 29, when a system disruption was detected at approximately 7:00 a.m. Japan Standard Time. Subsequent investigations confirmed that files within the company’s network had been encrypted by ransomware. By around 11:00 a.m. the same day, Asahi disconnected its network and isolated its data center in an effort to contain the damage.
According to Asahi Group Holdings, the attacker gained unauthorized access through network equipment located at a Group facility. Ransomware was deployed simultaneously across multiple active servers, and some employee PC devices connected to the network. While the impact has been limited to systems managed in Japan, the disruption has been extensive.
Shift Toward Zero-Trust Security Model
Chief Executive Officer Atsushi Katsuki said the incident has prompted a fundamental reassessment of how information security is handled at the management level. As part of its recovery, Asahi Group Holdings has scrapped the use of virtual private networks and is adopting a stricter “zero-trust” model, which assumes no user or device inside the network can be automatically trusted.
“Information security is a management issue that should be given the highest priority,” Katsuki said. “We thought we had taken sufficient measures, which were easily broken. It made me realize there’s no limit to the precautions that can be taken.”
The Asahi cyberattack froze key business systems in Japan, forcing the company to shift order processing and shipments offline. The disruption hit at a critical time, delaying deliveries of year-end gift sets, a seasonal mainstay for the Japanese beverage market. As a result, November sales of beer and other alcoholic beverages fell by more than 20% compared with the same period a year earlier.
Operational and Financial Fallout Continues
Operational disruptions have gradually eased, but the effects on financial reporting remain significant. Asahi Group Holdings now expects its annual earnings disclosure to be delayed by more than 50 days. While partial third-quarter figures were released in November, Katsuki declined to set a new date for the full earnings announcement.
Before the cyberattack on Asahi, the company had forecast that operating profit for the year ending in December would decline 5.2% to ¥255 billion ($1.6 billion), on sales of ¥2.95 trillion. Once reporting resumes, Asahi plans to outline its growth strategy, with a particular focus on non-alcoholic and low-alcohol beverages, along with its investment plans.
Despite the setback, Katsuki said the breach does not threaten Asahi’s long-term foundation and expressed confidence that lost market share can be recovered. He expects most systems to be restored by February, with shelf space recovery and full competitive positioning returning from March.
Data Exposure, Recovery Efforts, and Broader Implications
In parallel with restoring operations, Asahi Group Holdings has been conducting a detailed forensic investigation in collaboration with external cybersecurity experts. In a statement released on November 27, 2025, the company disclosed that some data from company-issued PCs had been exposed and that personal information stored on servers may also have been affected. As of that date, there was no confirmation that server-based personal data had been published on the internet.
The investigation identified the following categories of personal information that have been or may have been exposed: data belonging to approximately 1.525 million individuals who contacted customer service centers of Asahi Breweries, Asahi Soft Drinks, and Asahi Group Foods; information related to 114,000 external contacts who received congratulatory or condolence telegrams; personal details of 107,000 employees and retirees; and information concerning 168,000 family members of employees and retirees. Asahi confirmed that no credit card information was included.
On November 26, Asahi submitted a final report to Japan’s Personal Information Protection Commission and stated that affected individuals will be notified in due course. A dedicated inquiry hotline was established to respond to questions related to personal data exposure.
System restoration efforts have taken roughly two months and have included containment of ransomware, integrity checks, and enhanced security measures. Asahi said systems and devices confirmed to be secure will be restored in phases, with ongoing monitoring to prevent recurrence. Preventive measures include redesigned network controls, stricter connection restrictions, enhanced threat detection, updated backup strategies, revised business continuity plans, and expanded employee training and external audits.
