December 17, 2025 By Pierluigi Paganini
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm.
Askul is a Japanese e-commerce and logistics company best known for supplying office products, stationery, IT equipment, and everyday business consumables to companies and consumers. It operates large-scale fulfillment and delivery services across Japan and is part of the LOHACO/Yahoo Japan ecosystem.
Askul detected a ransomware attack on October 19, during which threat actors accessed the company’s infrastructure and stole sensitive data.
The cyberattack caused major disruptions to Askul’s orders, shipping, and automated logistics systems. Services began resuming in early December, with customer and partner data affected.
The ransomware group RansomHouse later claimed the theft of 1 TB of sensitive data and leaked it in November and December, likely following a failed negotiation or Askul’s refusal to pay.
“Information Confirmed as Leaked (as of Dec 12, 2025)
- Executives/employees (including group companies): ~2,700 records”
- Report submitted to the Personal Information Protection Commission.
- Affected customers and partners have been notified individually.
- Long-term monitoring is in place, with additional measures as needed.
- LOHACO payment system does not store customer credit card information.
- Details withheld to prevent secondary harm:
- Business service customer info: ~590,000 records
- Consumer service customer info: ~132,000 records
- Partner info (vendors, agents, suppliers): ~15,000 records”