Asahi Group Holdings (hereinafter referred to as Asahi Group HD) announced the final investigation results on February 18 regarding the personal information leak caused by a cyberattack that occurred last September.
Initial reports suggested a potential large-scale leak of approximately 1.91 million records. However, after thorough investigation, the leak was confirmed to involve 115,513 records.
This article details the current status of the leak and the preventive measures Asahi Group Holdings has implemented to prevent recurrence.
1. Current Status and Breakdown of Personal Information Leak
According to Asahi Group Holdings’ announcement, the leaked information has already been confirmed on the dark web (dark sites).
The breakdown of the confirmed leaked information is as follows:
| Target individuals | Number of cases | Types of leaked information |
| Employees and Retirees | 5,117 items | Name, address, phone number, etc. |
| Business partners and stakeholders | 110,396 items | Name, phone number, etc. |
| Total | 115,513 items |
As of last November, it was feared that up to approximately 1.91 million pieces of information may have been leaked. However, this investigation has now identified the specific scope of the damage.
2. The Cyberattack Timeline and Confirmation on the Dark Web
This incident originated from a cyberattack the company suffered last September.
The attackers illegally infiltrated the company’s internal systems and stole confidential information. Subsequently, the data was leaked onto the highly anonymous “dark web,” leading to the confirmation of this damage
The company has taken the situation seriously, with President Atsushi Katsuki apologizing at a press conference, and has continued a thorough investigation.
3. Strong Preventative Measures Announced by Asahi Group
Following confirmation of the information leak, Asahi Group Holdings announced a restructuring of its organizational framework to restore trust.
- Appointment of Dedicated Officer (Effective February 1)
A dedicated officer specializing in information security has been newly appointed to Asahi Group Japan, which oversees domestic operations. - Establishment of Independent Organization (Scheduled for April)
An independent specialized organization to oversee and monitor information security will be newly established in April.
This aims to accelerate decision-making and strengthen oversight functions. - Strengthening System Defenses
We are advancing the development of detection systems and a layered defense structure to minimize damage even in the unlikely event of an intrusion.
Summary: Cybersecurity Measures Expected of Companies
Even for a major corporation like Asahi Group Holdings, the difficulty of completely preventing increasingly sophisticated cyberattacks has been highlighted once again.
However, the swift organizational enhancements implemented this time—such as appointing a dedicated executive officer and establishing an independent organization—could serve as a model case for future security measures among Japanese companies.
Attention is focused on whether the company’s stance of “minimizing impact even in the worst-case scenario” will lead to restoring consumer trust.
