A single outage knocks major brands offline across Japan
A ransomware attack on Askul, a key provider of logistics and online order processing in Japan, has disrupted digital shopping for some of the country’s best known retailers. Muji owner Ryohin Keikaku suspended its online store in Japan, while household goods chain Loft and department store group Sogo and Seibu also paused parts of their internet sales and shipments. Physical stores continue to operate, but many customers cannot place orders, track packages, or access account features through affected websites and apps.
- A single outage knocks major brands offline across Japan
- What happened at Askul
- Which retailers are affected and how
- Impact on consumers and businesses
- Is personal data at risk
- Market and financial fallout
- A recent pattern of cyber incidents in Japan
- Why a single vendor outage hit many retailers
- How ransomware disrupts logistics and order systems
- What consumers can do right now
- Quick Facts
The incident, detected over the weekend (Oct 19), triggered system failures that led Askul to halt online order intake and shipments across its platforms. The company said it is investigating the scope of the breach, including the possibility that personal or customer data may have been accessed. No recovery timeline has been provided. The disruption highlights how a single technology and logistics partner can become a point of failure for many brands that rely on shared infrastructure to manage orders and move goods from warehouses to consumers.
Ryohin Keikaku said its own systems were not compromised. The pause affects Muji’s domestic online store and parts of its mobile app, while deliveries and store logistics for physical shops continue. Other retailers reported similar limits: shoppers encounter error messages, stalled carts, or unavailable product pages. The outage comes less than a month after a separate cyber incident at Asahi Group disrupted beer production and forced delays in financial reporting, underscoring a year of heightened cyber risk in Japan’s consumer sector.
What happened at Askul
Askul reported a ransomware infection that caused a system failure on Oct 19. The company suspended receiving orders and shipping on its core platforms and confirmed it is still assessing the impact on data. For periods during the incident, even the corporate site was inaccessible. The company has apologized to customers and partners, while cautioning that service restoration will require careful investigation and recovery steps that cannot be rushed.
Systems taken offline
All new orders and user registrations were suspended. Orders not yet shipped around the outage window were canceled. Askul also paused returns processing, receipt mailing, catalog requests, and pharmaceutical orders. Customer support channels were strained, with the help desk and online inquiry forms reported as unavailable at times. These are common emergency measures in a ransomware response, where companies aim to contain the breach, prevent further spread, and protect data while forensics teams determine what was touched.
Three platforms affected
The disruption spans Askul’s web stores for office supplies, its Lohaco marketplace for consumers, and its Soloel Arena service for corporate clients. These sites feed a nationwide logistics system that connects digital storefronts to distribution centers, label printers, and last mile carriers. When the central order management and warehouse systems go dark, order capture, picking, packing, and shipping all come to a halt.
Which retailers are affected and how
Muji’s Japanese online store went offline after the Askul breach. The company said its physical shops and deliveries for in store purchases remain normal, but the domestic online experience is limited. Some app functions are disabled, product pages may not load, and subscription services are paused. Muji is reviewing which orders were impacted and has said it will notify affected customers by email about purchases placed before service suspension. A date for full restoration has not been set.
Loft suspended online operations and said it does not yet have a resumption date. Sogo and Seibu halted online sales for select products linked to Askul’s logistics systems. For consumers, the immediate effect is an inability to place new orders, along with delays and cancellations for purchases that had not yet shipped. Retailers continue to process in store transactions, but the convenience of online shopping has been interrupted for many.
Impact on consumers and businesses
Shoppers face canceled orders, delayed deliveries, and limited access to apps and account services. Retailers that depend on Askul’s fulfillment systems are unable to confirm shipping windows, and some customer support lines are flooded. Corporate buyers who rely on Askul for office and facility supplies are also affected. Askul serves a large base of individual and business customers, so disruption at this scale can impede routine operations at small offices and large enterprises alike.
The timing adds pressure. Japan is approaching a busy shopping period, when retailers typically build promotions and inventory plans around steady digital demand. When a central logistics platform stalls, backlogs can form quickly. Manual workarounds provide only limited relief because modern order and warehouse systems are tightly integrated with inventory databases, shipping label printers, and carrier booking tools. That integrated design improves speed and accuracy during normal times, but it also means there are few simple fallbacks when core systems are locked by ransomware.
Is personal data at risk
Askul is investigating whether personal or corporate customer data was accessed during the attack. The company has not confirmed any data leak. Cyber incidents sometimes lead to credential theft or exposure of addresses, phone numbers, and order histories. Consumers should be wary of unsolicited emails or messages requesting account details, passwords, or payment information. If a user reused a password across multiple sites, a password change is prudent. Official updates from the affected companies are the best source for instructions on account security and service restoration.
No ransomware group has claimed responsibility in public channels, and the companies have not disclosed whether a demand was received. Attackers often wait to publish details or data samples, so the situation can change as investigations progress. Separately, Japan has also seen account takeover attempts in the logistics sector, including reports of unauthorized logins at a major delivery company in recent weeks. Those were traced to credential reuse, not a breach of business systems, which illustrates one more way that criminal actors target the same consumer base.
Market and financial fallout
The disruption weighed on shares of the companies. On the first trading day after the incident, Askul fell as much as 6 percent and Ryohin Keikaku declined as much as 6.6 percent. Askul is evaluating the financial impact and has said it may postpone the release of monthly earnings data that had been scheduled for late October (Oct 28). Analysts expect a deeper hit to Askul’s results if the outage persists, since customers may shift orders away from a provider that remains constrained. Ryohin Keikaku has lower exposure to online sales than some peers, which may limit the earnings effect at Muji if stores stay busy.
Companies incur costs for incident response, forensics, system rebuilds, and potential customer support measures such as refunds or credits. There can also be contractual penalties or lost advertising spend linked to site downtime. The broader sector watches closely during these events, since extended outages can influence consumer behavior and marketing plans for the quarter.
A recent pattern of cyber incidents in Japan
The Askul outage follows an attack at Asahi Group in late September. The brewer reported that a cyber incident, later linked to a criminal group, disrupted production lines and delayed product launches. It also postponed financial reporting while systems were restored. In a separate case, a major parcel carrier reported unauthorized logins to some customer accounts traced to compromised credentials, while core business systems were not affected. In 2024, a large publishing company also dealt with a damaging ransomware event that spilled into the public domain.
These cases point to a shift in where attackers aim. Consumer goods, logistics platforms, and retail operators hold valuable data and run time sensitive operations. Criminal groups target that mix of data and urgency. Recovery requires patience and methodical work, which creates economic pressure on victims. This is why companies test containment plans, practice restoring from backups, and set up ways to continue limited operations during an outage.
Why a single vendor outage hit many retailers
Many retailers outsource order management, payments, and fulfillment to specialist providers. The benefits are meaningful: lower costs, faster delivery, and access to nationwide infrastructure. The tradeoff is concentration risk. When a central node fails, many brands stop at once. Askul’s role covers order capture, warehouse operations, and connections to carriers for last mile delivery. Once those connections are cut, every step from picking to label printing pauses for each retailer on the platform.
Steps retailers can take
Retailers can reduce risk by using multiple fulfillment partners for critical lines of business, decoupling order capture pages from warehouse systems, and maintaining limited offline processes for urgent orders. Regular vendor risk reviews should cover how partners store data, segment internal networks, and protect remote access tools that attackers often abuse. Shared incident response exercises between retailers and logistics providers help teams practice who does what when a platform fails. Backups that are stored offline and regularly tested give companies a safe point to restore from without reintroducing malicious software.
How ransomware disrupts logistics and order systems
Ransomware typically encrypts files and servers after intruders gain access through stolen credentials, vulnerable software, or phishing. Attackers seek administrator access, move across the network, and tamper with backups. In a logistics environment, the systems at risk include the order management platform, warehouse management system, label printing and routing services, and integration tools that communicate with carriers. If those services are unavailable, the company cannot accept orders or ship goods. Even areas that seem unrelated, like call center software, can be affected if they tie into the same identity and network infrastructure.
Recovery timeline and why it takes time
Recovery involves more than restoring from backups. Teams must eradicate malware, rebuild or reimage servers, reset credentials, and verify that data is intact. They then bring systems online in a staged way, starting with the most critical services. Each step is tested to be sure operations are safe. Vendors and partners must reconnect and validate data flows. This careful process explains why companies often say they have no precise timeline during the early days of an investigation.
What consumers can do right now
Consumers who placed orders near the outage should watch for official emails about cancellations and refunds. Keep order numbers and payment confirmations. If an order is vital, consider visiting a physical store or using alternative retailers until online services return. Monitor bank and card statements for unusual activity. Treat unexpected messages that ask for passwords, codes, or payment details with skepticism and use only official sites and apps to check order status.
Customers who reuse passwords across multiple services should change them, starting with the most sensitive accounts. If Askul or retailers publish guidance for password resets or offer credit monitoring in case of any data exposure, follow those instructions. It is helpful to confirm app permissions and ensure the latest versions are installed once services resume. Patience is required during staged recoveries, since features typically return in phases.
Quick Facts
- Askul reported a ransomware related system failure on Oct 19 and suspended online order intake and shipments.
- Muji, Loft, and Sogo and Seibu halted online sales or shipments linked to Askul’s platforms, while physical stores continue to operate.
- Askul’s web stores for office supplies, Lohaco for consumers, and Soloel Arena for corporate clients were all affected.
- Askul is investigating whether personal or customer data was accessed, and no timeline for full restoration has been announced.
- No criminal group has publicly claimed responsibility for the attack.
- Askul shares fell as much as 6 percent and Ryohin Keikaku declined as much as 6.6 percent on the first trading day after the outage.
- Askul said it may postpone the release of monthly earnings data scheduled for late October.
- The incident follows a cyberattack at Asahi Group in late September and other recent security cases in Japan’s logistics and media sectors.
