Asahi Group Holdings, Japan’s largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals.

The type of data compromised in the attack includes full names, genders, physical addresses, phone numbers, and email addresses, and could be used in phishing attempts.

The incident was first disclosed on September 29, when the company was forced to suspend production and shipping operations due to a cyberattack.

At the time, Asahi stated that it saw no evidence of customer data having been accessed by unauthorized actors. A few days later, though, the company confirmed that it suffered a ransomware attack and that data had been stolen.

The disclosure was followed by Qilin ransomware claiming the intrusion and alleging to have 27GB of data from Asahi. The hackers published samples of exfiltrated files on their data leak site to prove their claims.

A press release from the company Asahi states that the following categories of individuals have been impacted:

• 1,525,000 customers who contacted Asahi’s customer service centers (Breweries, Drinks, Foods).
• 114,000 external contacts who received congratulatory or condolence telegrams from Asahi.
• 107,000 current and retired employees and 168,000 family members of those employees.

Asahi notes that the types of data exposed vary per category. For customers, it may include name, gender, physical and email address, and phone number; but for employees, it may also include dates of birth and gender.

The company underlines that no payment card information was exposed in the incident. A dedicated contact line has been established for affected parties to receive answers about the exposed personal data.

According to Asahi’s CEO, Atsushi Katsuki, the company is still in the process of restoring impacted systems, two full months after the initial compromise.

“We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the Group,” stated Katsuki

“Regarding product supply, shipments are resuming in stages as system recovery progresses.”

The preventative measures to be implemented include redesigned communication routes, tightened network controls, restrictions on external internet connections, upgrades of threat-detection systems, security audits, and redesigned backup and business-continuity plans.