Askul ransomware attack halts orders and shipments across B2B and consumer platforms
Japanese e-commerce and office-supplies giant ASKUL Corporation confirmed a ransomware incident that caused widespread systems disruption, forcing a suspension of order intake and shipments across its corporate (ASKUL / Soloel Arena) and consumer (LOHACO) services. The company has not provided a recovery timeline; investigations into the scope and potential data exposure are ongoing.
Key developments
- Operations suspended: Order receipt and shipments paused for ASKUL’s B2B portals and LOHACO consumer site.
- Confirmed ransomware: ASKUL attributes the outage to ransomware; forensic work is in progress.
- Downstream impact: Third-party brands relying on ASKUL logistics (e.g., MUJI) reported service interruptions.
- No ETA for restoration: The company has not announced a recovery window; previously received orders may be canceled while systems are restored.
What happened
On October 19–20 local time, ASKUL disclosed a cybersecurity incident involving ransomware that disrupted core ordering and fulfillment systems. In response, the company suspended order intake and shipments to contain the incident and begin remediation. Public updates indicate the root cause was ransomware that encrypted systems critical to logistics and e-commerce operations.
Operational impact
- ASKUL (B2B): Corporate procurement portals unavailable or severely degraded.
- Soloel Arena: Enterprise purchasing workflows affected; shipment processing paused.
- LOHACO (consumer): Online retail operations disrupted; fulfillment suspended.
- Ecosystem effects: Retail partners depending on ASKUL’s logistics reported knock-on outages and temporary store closures online.
Risk & exposure
ASKUL has not confirmed any exfiltration of customer or partner data as of publication. Standard ransomware tradecraft often includes data theft prior to encryption; customers and suppliers should assume the possibility of exposure until the investigation concludes and implement precautionary controls (password changes, heightened monitoring, and phishing vigilance).
Guidance for customers and partners
- Account hygiene: Rotate credentials for ASKUL/Soloel/LOHACO accounts; enable MFA where available.
- Invoice & payment verification: Validate bank details and shipment notices via out-of-band channels to avoid BEC-style fraud during disruption.
- Supply-chain continuity: Identify alternate suppliers for critical SKUs; document backorders and communicate contingencies internally.
- Threat monitoring: Watch for look-alike domains, phishing referencing delayed deliveries, and credential-stuffing attempts.
Incident timeline (initial)
- ASKUL reports a cyberattack causing system failures; order intake and shipments suspended.
- Company confirms ransomware; investigation and recovery efforts continue; no restoration ETA published.
Outlook
Expect staged restoration prioritizing core logistics and limited catalog availability, followed by broader e-commerce reactivation. If data-theft is confirmed, a disclosure and potential regulator notifications may follow. Downstream retailers and D2C brands integrated with ASKUL’s fulfillment network should prepare for prolonged SLAs and communicate revised delivery windows to end customers.
