Investigation Results and Future Measures on Cyberattack Data Exposure
(Tokyo, Japan - November 27, 2025) - Asahi Group Holdings, Ltd. has been providing updates since September 29 regarding the system disruption caused by a cyberattack.
In collaboration with external cybersecurity experts, we have been conducting an investigation into the sequence of events that lead to the system disruption caused by the cyberattack, its root cause, and the potential exposure of information. The scope and details of the investigation completed at this stage are outlined below. Based on the findings, those whose information has been confirmed as exposed, as well as those who may be at risk, will be notified in due course. On November 26, we submitted a final report to the Personal Information Protection Commission.
1. Overview of the Incident
2. Personal information that has been or may have been exposed (as of November 27)
In collaboration with external cybersecurity experts, we have been conducting an investigation into the sequence of events that lead to the system disruption caused by the cyberattack, its root cause, and the potential exposure of information. The scope and details of the investigation completed at this stage are outlined below. Based on the findings, those whose information has been confirmed as exposed, as well as those who may be at risk, will be notified in due course. On November 26, we submitted a final report to the Personal Information Protection Commission.
1. Overview of the Incident
- ・ At approximately 7:00 a.m. JST on September 29, a disruption occurred in our company’s system, and the subsequent investigation confirmed the presence of encrypted files.
- ・ Later that same day, at approximately 11:00 a.m. JST, we disconnected the network and implemented measures to isolate the data center to minimize the impact.
- ・ The investigation revealed that the attacker gained unauthorized access to the data center network through network equipment located at our Group’s site. Ransomware was deployed simultaneously, encrypting data on multiple active servers and some PC devices connected to the network.
- ・ While investigating the extent and details of the impact, focusing on the systems targeted in the attack, we identified that some data from company-issued PCs provided to employees had been exposed.
- ・ There is a possibility that personal information stored on servers in the data center may have been exposed. We have not confirmed any instance of this data being published on the internet.
- ・ The impact of the attack on our systems is limited to those managed in Japan.
2. Personal information that has been or may have been exposed (as of November 27)
| Affected parties: | Description: | Count |
| Those who contacted the Customer Service Centers of Asahi Breweries, Asahi Soft Drinks, and Asahi Group Foods | Name, gender, address, phone number, email address | 1,525,000 |
| External contacts to whom we have sent congratulatory or condolence telegrams | Name, address, phone number | 114,000 |
| Employees (including retirees) | Name, date of birth, gender, address, phone number, email address, other | 107,000 |
| Family members of employees (including retirees) | Name, date of birth, gender | 168,000 |
*Credit card information is not included.
*Not all of the information listed under ‘Description’ is included in each individual record.
3. Dedicated contact point for inquiries regarding personal information
Phone: 0120-235-923 (Available 9:00–17:00 JST, excluding weekends and public holidays)
4. System restoration
5. Preventive measures
Comments from Atsushi Katsuki, President and Group CEO:
“I would like to sincerely apologize for any difficulties caused to our stakeholders by the recent system disruption.
We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the Group.
Regarding product supply, shipments are resuming in stages as system recovery progresses. We apologize for the continued inconvenience and appreciate your understanding.”
Phone: 0120-235-923 (Available 9:00–17:00 JST, excluding weekends and public holidays)
4. System restoration
- ・ Following the cyberattack, we spent approximately two months containing the ransomware attack, restoring systems, and enhancing security to prevent recurrence.
- ・ Following forensic investigation by external experts—which include a detailed analysis to identify the causes and pathways of unauthorized access or virus infections on computers and networks—along with integrity checks and additional security measures, we will proceed with the phased restoration of systems and devices confirmed to be secure.
- ・ We will continue to monitor, make improvements, and implement enhanced security measures to prevent recurrence and ensure safe operations.
5. Preventive measures
- ・ Communication routes and network controls will be redesigned, and connection restrictions will be further tightened.
- ・ Connections to external parties via the internet—including email and web applications—will be limited to secure zones, strengthening the overall resilience of the system.
- ・ The security monitoring system will be revised to enhance the precision of threat detection.
- ・ Backup strategies and BCP plans will be redesigned and updated to ensure rapid recovery in the event of an emergency.
- ・ Security standards will be continuously reviewed, and organizational security governance will be strengthened by regularly conducting more effective employee training and external audits.
Comments from Atsushi Katsuki, President and Group CEO:
“I would like to sincerely apologize for any difficulties caused to our stakeholders by the recent system disruption.
We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the Group.
Regarding product supply, shipments are resuming in stages as system recovery progresses. We apologize for the continued inconvenience and appreciate your understanding.”