ASKUL Data Breach Exposes 1.1TB of Corporate Data After RansomHouse Attack

The ASKUL data breach has been confirmed as one of Japan’s most significant corporate cyber incidents of 2025. The ransomware group RansomHouse has claimed responsibility for the attack, which exfiltrated approximately 1.1 terabytes of internal company data and caused widespread disruptions to ASKUL’s e-commerce and logistics operations. The attackers encrypted ASKUL’s systems, publicly listed the company on their leak portal, and later released two separate data dumps labeled “Evidence Pack 1” and “Evidence Pack 2.”

The ASKUL data breach is part of an escalating wave of ransomware attacks targeting large supply chain and retail companies in Asia. ASKUL, a Tokyo-based e-commerce and logistics giant that provides office supplies, daily goods, and business services to both B2B and B2C markets, reported significant system outages following the intrusion. These disruptions led to delays in order processing and shipping operations across Japan.

Details of the ASKUL Ransomware Attack

RansomHouse listed ASKUL on its dark web leak site with confirmation that the attack occurred on October 19, 2025. The entry includes full corporate information, such as ASKUL’s revenue of $3.2 billion, workforce of 3,574 employees, and official company website (askul.co.jp). According to the attackers, all systems were encrypted, and more than one terabyte of sensitive data was exfiltrated before encryption was triggered.

The attackers uploaded an initial proof-of-breach file titled “Evidence Pack 1,” which was followed by “Evidence Pack 2” several weeks later. Both archives were published without password protection and reportedly contain internal company documents. These evidence packs are part of RansomHouse’s tactic to pressure victims into paying ransoms by gradually exposing stolen data to the public.

The group’s message to ASKUL management reads: “We are sure that you are not interested in your confidential data being leaked or sold to a third party. We highly advise you to start resolving this situation.” This message indicates that ASKUL was likely approached privately before the public leak occurred, a common stage in RansomHouse’s double extortion method.

Extent of the Data Breach

RansomHouse claims that 1.1 terabytes of ASKUL’s internal data were stolen. While the full scope of the breach is not yet publicly confirmed, the attackers allege that the stolen data includes:

• Corporate financial records and reports
• Employee information and internal communications
• Client invoices and logistics contracts
• Inventory and shipping data from ASKUL’s fulfillment centers
• Documents relating to software systems and digital business operations

The public listings also reveal that ASKUL’s systems were both encrypted and downloaded on the same day, suggesting a planned, multi-stage intrusion. The ransomware group may have infiltrated ASKUL’s network weeks or months before encryption, performing reconnaissance to identify critical assets and data stores.

Operational Disruption Across ASKUL’s Network

ASKUL’s e-commerce infrastructure is central to Japan’s supply chain ecosystem, supporting a large network of businesses and consumers. Following the breach, several online systems experienced prolonged outages. Orders and shipping functions were temporarily suspended while the company initiated recovery and forensic procedures. The attack’s timing—just before Japan’s end-of-year logistics surge—has amplified its potential economic impact.

ASKUL operates multiple integrated platforms, including SOLOEL ARENA for business orders and LOHACO for consumer products. Both platforms rely on centralized databases and real-time logistics coordination. Disruptions to these services likely delayed thousands of shipments and caused cascading effects for corporate clients dependent on ASKUL’s distribution centers.

About ASKUL Corporation

Founded in 1963, ASKUL Corporation is one of Japan’s largest e-commerce companies, serving both business-to-business and business-to-consumer markets. The company provides office supplies, logistics services, printing, office design, and recycling solutions. With an annual revenue exceeding $3 billion and a workforce of over 3,500 employees, ASKUL is recognized for its focus on sustainability and digital transformation initiatives.

ASKUL’s extensive integration with Japanese supply networks and its partnerships with hospitals, schools, and enterprises make the breach especially concerning. The stolen data may expose sensitive business relationships, operational plans, and internal communications that could be leveraged in future cyberattacks or industrial espionage.

Evidence Pack 2 Confirms Continuing Threat

On November 10, 2025, RansomHouse escalated the situation by publishing “Evidence Pack 2” on its data leak site. The second release confirmed that the attackers still possess large volumes of ASKUL data and are willing to publish more if ransom negotiations fail. Each evidence pack was labeled as “no password,” meaning that the files are publicly accessible to anyone visiting the portal.

The release of a second evidence pack typically signals a failed or stalled negotiation. By gradually releasing sensitive corporate files, ransomware groups like RansomHouse aim to maximize reputational and financial pressure on their targets. In previous incidents, this strategy has led to severe reputational damage for corporations that refused to pay.

RansomHouse’s Modus Operandi

RansomHouse is a well-known cybercriminal collective that focuses primarily on exfiltration and extortion rather than encryption alone. The group has targeted organizations in manufacturing, logistics, finance, and retail industries worldwide. Their operations are characterized by well-designed leak portals, professional communication templates, and public data releases designed to coerce victims into compliance.

The group has also built a reputation for targeting large enterprises with robust supply chain infrastructures—organizations whose downtime leads to cascading financial losses. Their focus on ASKUL aligns with this pattern, as ASKUL’s distribution centers and logistics systems form the foundation of its operations. Compromising such systems amplifies the group’s leverage and creates maximum business disruption.

Implications for ASKUL and the Japanese Market

The ASKUL data breach could have wide-ranging consequences for Japan’s retail and logistics industries. If sensitive financial or customer data was exfiltrated, ASKUL could face investigations under Japan’s Act on the Protection of Personal Information (APPI) and increased scrutiny from the Personal Information Protection Commission (PPC). Additionally, compromised partner data could affect hundreds of client organizations.

ASKUL’s reliance on digital platforms means that even partial exposure of its backend systems could enable targeted phishing, invoice fraud, or insider exploitation. Analysts warn that stolen information from corporate breaches often resurfaces months later on dark web marketplaces, where it may be repurposed for future cyberattacks.

Response and Recovery Efforts

As of November 2025, ASKUL has not released an official statement regarding the breach. However, internal recovery efforts are likely underway to restore business operations and secure affected infrastructure. The company will need to perform comprehensive forensic analysis, rotate credentials, and rebuild affected systems while ensuring that no backdoors remain active within its network.

Cybersecurity experts recommend that ASKUL prioritize endpoint monitoring, implement stronger segmentation of internal networks, and review third-party integrations that could have served as entry points for the attackers. The incident also reinforces the importance of proactive threat detection and regular vulnerability assessments, especially for high-volume e-commerce environments.

Ongoing Investigation and Future Outlook

Security researchers continue to monitor RansomHouse’s leak portal for additional data releases or new threats related to ASKUL. Given that two evidence packs have already been published, further disclosures remain possible if negotiations fail. The incident highlights the continued global reach of ransomware groups targeting Asian corporations, and it underscores the vulnerability of Japan’s digital infrastructure amid growing cybercrime activity.

The ASKUL data breach serves as a critical reminder of the evolving risks faced by modern supply chain networks. The attack demonstrates how a single compromise can paralyze nationwide logistics operations and expose terabytes of sensitive data. As ASKUL continues its recovery, the breach may prompt broader cybersecurity reforms across Japan’s retail and e-commerce industries.

For continued updates and analysis of the ASKUL data breach and other ransomware incidents, visit Botcrawl’s data breaches and cybersecurity sections.