Asahi admits ransomware gang may have spilled almost 2M people's data

Asahi has finally done the sums on September's ransomware attack in Japan, conceding the crooks may have helped themselves to personal data tied to almost 2 million people.

Back on September 29, Asahi disclosed a "system failure caused by a cyberattack" that knocked out ordering, shipping, and call center systems across its Japanese operations. Days later, the attack was claimed by the Qilin ransomware crew, which reckons it stole some 27 GB of internal files – including employee records, contracts, financial documents, and other sensitive assets.

Fast forward to November 27, Asahi has finally posted a full breakdown of who and what might be affected. The tally includes 1.525 million people who contacted its customer service centers, 114,000 external contacts who received condolence or congratulatory telegrams, 107,000 current or former employees, and 168,000 of their family members. The exposed data includes names, addresses, phone numbers, email ...