Japanese retail giant Muji has temporarily suspended operations of its online store after a cyberattack on logistics partner Askul paralyzed its order processing and delivery system. The incident caused a complete disruption to online sales and caused delays in order fulfillment across Japan. On Sunday evening (Tokyo time), Muji announced the suspension of all online services, including the ability to make purchases, view order history on the mobile app and some web content. The company emphasized that the disruptions did not affect the operation of offline stores outside Japan, but all internal logistics remained paralyzed.
In an update published the next day, Muji clarified that the attack directly affected Askul’s delivery system. The company has begun checking which orders may have been affected and promised to notify customers by email.
Askul Corporation is a leading player in the Japanese e-commerce market, owned by Yahoo! Japan Corporation and engaged in logistics for corporate and retail customers. In a statement, Askul confirmed that it had fallen victim to ransomware, which led to the suspension of order acceptance, delivery of goods and even the work of the support service.
> “We are investigating the scope of the incident, including the possible leakage of personal customer data,” the company said in a statement.
No known ransomware group has yet claimed responsibility for the attack.
Known for its philosophy of minimalism and high-quality design, Muji has more than 1,000 stores in Japan, China, Europe, Australia and North America. The company has annual revenue of more than $4 billion and a staff of more than 24,500. The Askul attack is the second major cyberattack in Japan in the past month, following the shutdown of beer giant Asahi by the Qilin ransomware.
Cyber experts say Japan is increasingly being targeted by supply chain attacks, as digital-first companies rely on interconnected services. Such attacks can have a cascading effect, from disrupting logistics to disrupting national retail chains. The Muji incident has highlighted how dangerous ransomware attacks can be in today’s supply chains. A single breach of a logistics partner can effectively shut down a global company without directly infiltrating its systems.
Cybersecurity experts advise businesses to strengthen supplier due diligence, implement network segmentation and regularly test their intrusion protection. While Muji is still recovering, this incident has already become a signal for the entire retail industry: even giants are not immune to ransomware.
