Japanese beverage giant Asahi Group Holdings has confirmed that a major cyber-attack on its UK subsidiary has impacted the personal data of approximately 1.5 million customers. The company became aware of the security incident on October 10, 2023.

Details of the Data Breach

The breach targeted customers of ‘The Bottle Club,’ an online store acquired by Asahi UK in 2022 that ceased trading in early 2023. The compromised information includes customer names, addresses, dates of birth, email addresses, and phone numbers. Asahi UK confirmed that it does not hold customer financial information, so no payment details were exposed.

Attribution and Official Response

The Black Basta ransomware group claimed responsibility for the attack. The group added Asahi to its dark web leak site on October 27, 2023, claiming to have exfiltrated 1.2TB of data which included corporate, financial, and employee information.

In response to the breach, Asahi UK launched an immediate investigation and engaged third-party forensic specialists to assist. The company has reported the incident to the UK’s Information Commissioner’s Office (ICO) as well as the police. Asahi has also commenced the process of notifying all affected individuals via email.

Source: https://www.infosecurity-magazine.com/news/asahi-15-million-customers/