Asahi’s cyber hangover just got worse, with the brewer now admitting that personal information may have been tapped in last month’s attack.

The Japanese beer giant said on Tuesday that it has “identified the possibility that personal information may have been subject to unauthorized data transfer,” marking a sobering update to its September cyber incident.

The attack first bubbled up on September 29, when Asahi said a “system failure caused by a cyberattack” had forced it to shut down ordering, shipping, and call center systems across Japan. At the time, the brewer was adamant that customer and employee data were safe. Days later, that confidence began to fizz out, with the company admitting that ransomware was to blame and that “traces” suggested a potential unauthorized transfer of data.

The attack was claimed by the Qilin ransomware crew, which has boasted of stealing around 27 GB of files, including contracts, forecasts, employee records, and financial data. Samples of the allegedly stolen data, seen by The Register, suggest Asahi’s fears of personal data theft are well-founded, with Qilin posting what appear to be employee ID cards and other personal documents.

Asahi says it’s probing the “extent and detail” of any data affected, adding that it “will promptly notify those concerned and take appropriate measures in accordance with applicable laws on the protection of personal information.”

The admission caps a fortnight of disruption that’s left the company’s domestic logistics in tatters. Shipments have been delayed and stock shortages are reportedly looming across Japan. All of Asahi’s breweries are back to brewing, but its IT clearly isn’t, with orders being processed using pen, paper, and fax machines.

To make matters worse, Asahi has postponed its quarterly financial results, citing the continuing system outages and the still-uncertain timeline for recovery.

“The incident has also disrupted access to accounting-related data, resulting in delays in financial closing procedures,” Asahi said. “While the Company is making every effort to restore the system as quickly as possible, a timeline for full recovery cannot be provided at this time. Therefore, the Company has decided to postpone the announcement of its financial results for the third quarter of the fiscal year ending December 31, 2025.”

Asahi is far from alone in getting digitally walloped. A National Cyber Security Centre report out today warns of a sharp rise in ransomware and data theft attacks, noting that “highly significant” incidents are up 50 percent year-on-year – suggesting the brewer’s hangover is just one among many.

Asahi’s latest statement stops short of confirming that personal data was definitely stolen, but if recent ransomware playbooks are anything to go by, that “possibility” could soon turn into a “definitely.” ®