Japanese retail giant Muji has suspended all online sales after a ransomware attack crippled its logistics partner, Askul Corporation, affecting multiple major retailers and highlighting critical supply chain vulnerabilities.
Vocus Group, the parent company of Dodo and iPrimus, has confirmed a cyberattack that exposed sensitive customer data and led to unauthorised SIM-swap incidents. The breach affected 1,600 customers, underscoring rising cybersecurity threats in Australia’s telecom sector.
The US Department of Homeland Security has confirmed a major cybersecurity breach affecting FEMA and CBP employees. The attacker exploited a Citrix vulnerability to infiltrate internal systems, prompting mass staff firings and renewed scrutiny over federal cybersecurity practices.
Japanese retail giant Muji has suspended all online sales after a ransomware attack crippled its logistics partner, Askul Corporation, affecting multiple major retailers and highlighting critical supply chain vulnerabilities.
Cyber News Centre's cyber update for 22nd October 2025: Japanese retail giant Muji has suspended all online sales after a ransomware attack crippled its logistics partner, Askul Corporation. The cyberattack, disclosed two days ago, has forced multiple major Japanese retailers offline, highlighting the growing risks of supply chain vulnerabilities in today’s interconnected digital economy.
Muji is a globally recognised Japanese retail company known for its minimalist design philosophy and “no-brand” approach. Askul Corporation is a major e-commerce and logistics provider serving around 5.6 million corporate clients and 10 million individual customers.
The Update: Askul confirmed on Tuesday that a system failure caused by a ransomware infection had forced it to halt orders, shipments and customer service operations. The company suspended new user registrations, catalogue requests, returns, pharmaceutical orders and customer service hotlines.
Muji announced that these logistics failures had disabled its online store and subscription services, with no timeline for resuming orders. Its parent company, Ryohin Keikaku, stated that its own systems remain secure and physical stores are unaffected, although online operations will stay offline until Askul recovers.
Other retailers, including Loft and Sogo & Seibu, have also reported service disruptions linked to the Askul incident. The company is still investigating whether any customer data has been compromised, and undelivered orders placed before 21 October have been cancelled. No ransomware group has yet claimed responsibility.
This follows a similar attack on Asahi Group Holdings, which was claimed by the Qilin ransomware gang and continues to affect operations.
Why It Matters: The Askul breach highlights how one compromised supplier can disrupt an entire business ecosystem. By targeting a single logistics provider, attackers have paralysed several well-known retailers, showing how ransomware operators exploit supply chain dependencies to amplify damage and leverage extortion.
The financial and operational fallout from such attacks continues to rise. A recent report by cybersecurity firm ExtraHop found that the average ransomware payment in 2025 has increased to $3.6 million, up from $2.5 million last year.
This incident reinforces the need to look beyond internal systems and strengthen the security of their third-party vendors. Continuous monitoring, regular risk assessments and robust incident response plans are essential to reducing exposure. For consumers, the Muji shutdown serves as a reminder that the convenience of online shopping relies on a complex digital infrastructure that can be quickly disrupted by a single breach.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Vocus Group, the parent company of Dodo and iPrimus, has confirmed a cyberattack that exposed sensitive customer data and led to unauthorised SIM-swap incidents. The breach affected 1,600 customers, underscoring rising cybersecurity threats in Australia’s telecom sector.
The US Department of Homeland Security has confirmed a major cybersecurity breach affecting FEMA and CBP employees. The attacker exploited a Citrix vulnerability to infiltrate internal systems, prompting mass staff firings and renewed scrutiny over federal cybersecurity practices.
SimonMed Imaging has confirmed a ransomware attack by the Medusa group, exposing the sensitive health and personal data of 1.27 million patients. The breach, which originated in January, highlights the severe risks posed by third-party vendor vulnerabilities in the healthcare sector.
The Australian Signals Directorate's latest Annual Cyber Threat Report reveals a cybercrime is reported every 6 minutes, with costs to businesses soaring. The report highlights the growing threat from state-sponsored actors and the impact of AI in enabling larger, faster attacks on the nation.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
