Cyberattack on Japan’s Askul exposes customer data, halts operations

Japanese online stationery retailer Askul Corp. has confirmed a significant data breach following a cyberattack that disrupted its operations and exposed personal information belonging to customers and business partners.

The Tokyo-based company said the leaked data includes customer names, email addresses, and phone numbers, as well as the names of companies, individual clients, and suppliers associated with its online stores. Askul stated that no credit card information was compromised. The full scale of the data exposure remains under investigation, and the company has not disclosed the number of affected cases or the total volume of leaked data.

Askul said it has identified the incident as a ransomware attack and reported it to law enforcement. The company expressed regret for the incident, saying it “deeply apologizes for causing serious worry and concern.”

Operations at Askul have been severely impacted since the system failure on October 19, which forced the suspension of order acceptance and product shipments. The disruption has also affected partner retailers, including Ryohin Keikaku Co., operator of the Muji retail brand, and The Loft Co., a Japanese lifestyle goods chain, both of which rely on Askul-affiliated logistics services.

Cybersecurity firm S&J Corp., also based in Tokyo, reported that a hacker group calling itself “RansomHouse” has claimed responsibility for the attack. The group allegedly posted a statement on the dark web asserting it had stolen approximately 1.1 terabytes of data from Askul, including customer information and purchase histories. The hackers claimed that some of the stolen data is now available for download online.

S&J President Nobuo Miwa said the nature of the disclosure suggests the attack was deliberate and strategically planned to inflict maximum reputational damage on the company.