Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm.
Askul is a Japanese e-commerce and logistics company best known for supplying office products, stationery, IT equipment, and everyday business consumables to companies and consumers. It operates large-scale fulfillment and delivery services across Japan and is part of the LOHACO/Yahoo Japan ecosystem.
Askul detected a ransomware attack on October 19, during which threat actors accessed the company’s infrastructure and stole sensitive data.
The cyberattack caused major disruptions to Askul’s orders, shipping, and automated logistics systems. Services began resuming in early December, with customer and partner data affected.
The ransomware group RansomHouse later claimed the theft of 1 TB of sensitive data and leaked it in November and December, likely following a failed negotiation or Askul’s refusal to pay.
At this time, the ransomware group has already released three evidence packs containing the stolen data.
Askul confirmed the data breach affected customer and partner data, compromising about 590,000 business service records, 132,000 consumer records, and thousands of employee and executive records.
“On October 19, 2025, Askul Corporation experienced a ransomware attack that encrypted data and caused system disruptions, resulting in large-scale service outages and leakage of company information” reads the data breach notification published by the company.
“Information Confirmed as Leaked (as of Dec 12, 2025)
- Executives/employees (including group companies): ~2,700 records”
- Report submitted to the Personal Information Protection Commission.
- Affected customers and partners have been notified individually.
- Long-term monitoring is in place, with additional measures as needed.
- LOHACO payment system does not store customer credit card information.
- Details withheld to prevent secondary harm:
- Business service customer info: ~590,000 records
- Consumer service customer info: ~132,000 records
- Partner info (vendors, agents, suppliers): ~15,000 records”
Askul reported that attackers accessed its network using stolen credentials, conducted reconnaissance, and harvested additional credentials. They then moved laterally, disabled security systems, and deployed ransomware after deleting backups.
“The ransomware attack led to the leakage of customer information and some partner data, causing significant inconvenience. The disruption of our highly automated logistics systems temporarily halted services, affecting customers, partners, logistics clients, shareholders, and other stakeholders. We take this matter very seriously and have mobilized the entire company to contain the impact and restore services. Going forward, we will review and strengthen our BCP (Business Continuity Plan) in light of the attack.” said company CEO Akira Yoshioka. “As we enter the full service recovery phase, we provide the available investigation results, our response measures, and security enhancements, excluding details that could risk secondary damage. We hope this report supports both our accountability and the cybersecurity efforts of other organizations.”
Recently, another major Japanese company suffered a ransomware attack, threat actors hit Asahi with a ransomware attack in September, stealing personal data on about 2 million customers and employees and severely disrupting the company’s operations in Japan.
Pierluigi Paganini
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
