CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

RansomHouse Ransomware Attack Exposes Over 700,000 Records at Japanese Retail Giant Askul

Japanese e-commerce and logistics provider Askul has confirmed that a ransomware attack led to the compromise of more than 700,000 records, affecting customers, business partners, and employees. The incident caused widespread operational disruption after attackers encrypted systems and shut down automated logistics infrastructure.

Context

Askul is a major B2B supplier of office and professional goods in Japan, with extensive logistics automation supporting large-scale order fulfillment. Like many enterprises in retail and logistics, Askul relies on tightly integrated IT and operational technology systems, making cyber disruptions particularly costly.

What Happened

Askul detected unauthorized activity on October 19 after ransomware operators began encrypting files across its environment. Subsequent investigation revealed that data theft had occurred before encryption, a tactic commonly used to increase extortion pressure.

The RansomHouse ransomware group later claimed responsibility, publishing stolen data in two waves on November 10 and December 2. The public release strongly suggests that Askul declined to pay the ransom demand.

Operational impact was severe. Automated logistics systems were taken offline, halting order processing and shipping. Service restoration occurred gradually, with many systems only returning to partial operation in early December.

Technical Breakdown

Askul’s internal investigation found that attackers gained initial access using compromised credentials. From there, they conducted network reconnaissance, harvested additional credentials, and moved laterally across systems.

Security controls were disabled, and backup files were deleted before ransomware deployment. This sequence indicates a deliberate, hands-on-keyboard intrusion rather than an automated opportunistic attack.

RansomHouse reportedly exfiltrated more than one terabyte of data. Confirmed exposure includes approximately 590,000 business customer records, 132,000 consumer customer records, and thousands of records related to partners, employees, and executives.

Impact Analysis

Beyond data exposure, the attack disrupted core logistics operations, highlighting the cascading business risk of ransomware in highly automated environments. The prolonged recovery window suggests that both IT and operational systems were affected.

Data exposure raises long-term concerns around fraud, phishing, and targeted social engineering against affected customers and partners, even if no immediate misuse has been reported.

Why It Matters

This incident reinforces the ongoing shift in ransomware strategy toward data-theft-first extortion. Even organizations with backups remain vulnerable to public data leaks and reputational damage.

The attack also underscores credential security as a persistent weakness. Compromised credentials continue to be one of the most reliable entry points for sophisticated ransomware operators.

Expert Commentary

RansomHouse has established a pattern of high-confidence data theft paired with selective public leaks. This approach pressures victims while conserving attacker resources, making refusal to pay a difficult business decision.

The Askul breach also aligns with a broader trend of increased targeting of Japanese enterprises, reflecting their high operational maturity and historically lower tolerance for prolonged outages.

Key Takeaways

  • Over 700,000 records were compromised in the Askul ransomware attack

  • Attackers used stolen credentials to gain initial access

  • Data was exfiltrated before file encryption began

  • Automated logistics systems were taken offline for weeks

  • RansomHouse publicly leaked stolen data after ransom refusal

  • Credential security and segmentation remain critical defenses
