Japanese beer giant Asahi on Thursday announced that hackers stole the personal information of roughly 2 million individuals in a disruptive ransomware attack in September.
Asahi disclosed the incident on September 29, the same day that it occurred. Its operations in Japan continue to be partially disrupted, as the impacted systems are gradually being restored.
In early October, the Qilin ransomware group added Asahi to its Tor-based leak site, claiming the theft of 27 gigabytes of data.
Days before that, Asahi announced that hackers had exfiltrated data from its systems. Now, it has confirmed that personal information was compromised in the attack.
According to the company, 1,525,000 people who contacted its customer services had their names, addresses, phone numbers, and email addresses stolen.
The hackers also exfiltrated the names, addresses, and phone numbers of 114,000 people Asahi had sent congratulatory or condolence messages to.
Additionally, 107,000 Asahi employees had their names, addresses, phone numbers, email addresses, dates of birth, and gender information stolen. The hackers also stole the names, dates of birth, and gender data of 168,000 family members of current and former employees.
“We have not confirmed any instance of this data being published on the internet,” Asahi said on Tuesday.
Asahi noted that the compromised information varies by individual and that no credit card information was stolen.
The company explained that the threat actors hacked network equipment, and used it to compromise its data center network.
“Ransomware was deployed simultaneously, encrypting data on multiple active servers and some PC devices connected to the network,” the company said.
It also explained that it has been scrambling to contain the ransomware, and that it would restore only systems and devices confirmed to be secured, in phases.
“We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the Group,” Asahi Group president and CEO Atsushi Katsuki said.
“Regarding product supply, shipments are resuming in stages as system recovery progresses. We apologize for the continued inconvenience and appreciate your understanding,” Katsuki added.
In an emailed comment, Immersive senior manager Kevin Marriott pointed out that Qilin is known to leak data stolen from companies that do not pay a ransom and that Asahi’s customers should continue to monitor for updates.
“Manufacturing networks are complex ecosystems, potentially containing legacy systems, shadow IT, diverse technologies, and connectivity with supply chains and other third-party entities,” Marriott said.
“As a result, when impacted, full recovery is a timely process, especially when assuring all artifacts of compromise have been identified and removed, which is likely why it is likely to be February before a return to normalized operations is achieved,” he added.
Related: Ransomware Attack Disrupts Local Emergency Alert System Across US
Related: Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack
Related: Akira Ransomware Group Made $244 Million in Ransom Proceeds
Related: Synnovis Confirms Patient Information Stolen in Disruptive Ransomware Attack
