Japanese drink giant Asahi Group Holdings said on Thursday an investigation has found that personal information linked to around 2 million customers and employees may have been leaked in a cyberattack that hit its domestic servers in late September.
“I painfully feel the responsibility of management” with regard to the cyberattack, said Asahi president Atsushi Katsuki at its first press conference since the maker of Asahi Super Dry beers was hit by a system failure on September 29, acknowledging the “weakness” of its security.
Some restaurants that usually provide Asahi beers have also been forced to change brands ahead of year-end parties.
Katsuki said the company expects to resume orders and shipments, currently being handled manually, from December once the system is restored, with the normalisation of logistics operations eyed by February.
The personal information that has or may have been leaked includes the names, gender, addresses, phone numbers and email addresses of 1.53 million individuals who contacted the customer service centres of Asahi Breweries, Asahi Soft Drinks and Asahi Group Foods.
The investigation revealed that the attacker gained unauthorised access to the data centre network through network equipment located at a group company site, Asahi said, adding it is taking preventive measures, including redesigning communication routes and network controls and enhancing its security monitoring system.