535/68 Friday, December 19, 2025
Askul, a major Japanese e-commerce and logistics provider, has confirmed that it detected a ransomware attack on October 19, 2025, during which attackers gained access to the company’s infrastructure and exfiltrated sensitive data. The incident disrupted order processing, delivery services, and automated logistics systems, causing service outages before partial operations gradually resumed in early December. Askul operates in partnership with the LOHACO/Yahoo Japan platform and provides office supplies, stationery, and IT equipment to both corporate and individual customers across Japan.
The ransomware group RansomHouse claimed responsibility for the attack, alleging it stole up to 1 terabyte of data. The group reportedly published at least three data leak samples in November and December, likely following failed negotiations or Askul’s refusal to pay the ransom. Askul confirmed that the breach impacted more than 700,000 records, including approximately 590,000 business customer records, 132,000 individual consumer records, 15,000 partner/vendor records, and around 2,700 records related to employees, executives, and affiliated companies. The company has reported the incident to Japan’s Personal Information Protection Commission and has notified affected individuals directly. Askul also emphasized that LOHACO’s payment systems do not store customers’ credit card information.
Askul further explained that the attackers initially used stolen credentials to gain access to its internal network. They then conducted reconnaissance, harvested additional credentials, performed lateral movement, disabled security systems, and deleted backups before deploying the ransomware. Akira Yoshioka, President and CEO of Askul, stated that the company fully recognizes the severity of the incident and has mobilized organization-wide resources to contain the damage, restore services, and strengthen its cybersecurity posture. Askul is also reviewing and enhancing its Business Continuity Plan (BCP) to prevent similar incidents in the future, expressing hope that the lessons learned from this attack will contribute to improved cybersecurity resilience across other organizations as well.
