Late Sunday, Japanese retailer Muji confirmed that “logistics failures” had disrupted its online store and subscription services.
It happened because its logistics partner, Askul, was taken offline by a ransomware attack.
Askul, a major player in Japan’s e-commerce and logistics space, said the infection triggered a systemwide outage. Orders, shipments, and even customer service functions have been halted as investigators assess the damage and possible data exposure.
The company’s announcement lists nearly every core function as suspended. Online shopping carts lead to error screens. Fax orders fail to send. New user registrations, returns, and catalog requests are paused. Even pharmaceutical orders and inquiries have been shut down. Orders pending delivery as of 21 October are being canceled in sequence.
The disruption has rippled beyond Askul’s own operations. Loft, known for its lifestyle and home goods, warned customers of service impacts. Department store chain Sogo & Seibu has likewise paused online sales for some products.
For now, Askul’s systems remain affected. Recovery efforts are underway, but no timeline has been set for restoring services. The attack highlights how deeply intertwined Japan’s retail supply chains have become, and how one breach can freeze many storefronts at once.
Jamie Akhtar, CEO and Co-founder of Cybersmart, said: “The incident disrupted deliveries and website functions, though there’s no confirmation yet of any data theft. This highlights how even trusted supply chain partners can become weak links, with one breach potentially halting operations across multiple organizations.
To stay safe, Akhtar says individuals and businesses should maintain secure, offline backups and use strong access controls such as multi-factor authentication. “Organizations must also assess their suppliers’ cybersecurity standards, include clear response procedures in contracts, and monitor for unusual activity. A proactive approach to supply-chain security can make all the difference in limiting ransomware’s impact.”
Javvad Malik, Lead CISO Advisor at KnowBe4, added that the reality of interconnected ecosystems is that you can have spotless internal controls and still be taken offline by a partner’s ransomware. “Customers don’t care whose network was hit, they only see that the service or product they need is unavailable and that impacts trust.”
He said this is why it’s important to map critical dependencies beyond IT to logistics and fulfilment, set minimum security baselines in contracts, and practice “supplier outage” playbooks. “Monitor for brand impersonation during downtime, and pre‑agree data‑sharing for rapid joint incident response. Ultimately, resilience must extend past your perimeter to the partners that support your operations.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.