At the end of September 2025, Asahi Group confirmed that a malicious actor had gained access to its digital infrastructure, causing outages in several corporate services linked to orders, logistics and customer service. Although production resumed quickly, the incident has raised alarms about a possible leak of personal, not financial, data and has once again demonstrated that attacks on large organizations rarely end when systems recover, but rather when the resulting risks cease to be exploitable. Technological dependence, the supply chain and social engineering continue to expand the attack surface in critical sectors such as industry and services.

What exactly has happened?

The attack identified in Asahi's corporate environments was attributed to the Qilin ransomware group, directly affecting internal services responsible for order management, the logistics chain and customer support centers.

Although production resumed soon after, Asahi Group reported that up to 1,525,000 customers who contacted its support centers may have had data exposed, along with 114,000 external contacts and records pertaining to employees and their families.

What type of information would be at risk?

According to the official communication from Asahi:

  • Access credentials to internal platforms have not been compromised
  • Financial information related to payment methods has not been affected
  • No bank or credit card details were exposed

A possible impact has, however, been detected on:

  • Personal identification data, such as name, address, telephone number and email
  • Relational information associated with interactions with customer offices and support centers
  • Indirect data linked to employees and their families or external professional contacts

These records could be especially attractive to cybercrime actors, as they could be used to carry out targeted phishing campaigns, impersonation attempts or personalized fraud, as well as BEC (Business Email Compromise) attacks aimed at trusted contacts within the corporate ecosystem.

Why is this incident relevant?

Operational impact is only the first phase of an attack; lasting damage can arise from information leakage and not just from system interruption. The impact on internal order flows, logistics and customer service adds complexity to the response, because it compromises interconnected processes involving suppliers, distributors, corporate partners and third-party systems. This amplifies reputational impact, regulatory risk, and loss of user trust, even when attackers don't directly access physical production.

Attacks on the digital supply chain

The Asahi incident places the focus on third-party security as a fundamental pillar. Modern infrastructure rarely operates without external dependencies, requiring strict validation of the security practices of IT partners, software providers and customer service, especially in regions with different regulatory frameworks and cultural sensitivities. When a supplier falls, it doesn't fall alone; that's why risk management models must be continuous, auditable and centralized.

Apolo Cybersecurity Recommendations

For companies with large-scale operations and relationships with multiple strategic actors, we recommend:

  • Evolved Third Party Risk Management (TPRM) models for evaluating suppliers on an ongoing basis
  • Zero Trust architectures, where no access is permanent or implied
  • Data exposure audits to detect information breaches before they are exploited
  • 24/7 incident response plans coordinated between IT systems and support centers
  • Training for internal teams to identify phishing, vishing or BEC attempts

Anticipate the next breach: strengthen your security now

Cyber attacks don't just seek to stop operations, they also seek to exploit data and trust. If your organization works with multiple vendors, support centers, or has an international presence, the risk isn't linear, but your security should be.

At Apolo Cybersecurity, we help companies protect their data, audit suppliers and train teams to prevent attacks before they occur. Don't wait for the next crisis to be managed by the attacker: take control today and protect what really matters.
