Japanese retailer Muji has temporarily suspended its online sales following a ransomware attack on its logistics partner Askul, disrupting nationwide operations. The cyber incident, which occurred over the weekend, caused a major logistics outage, preventing customers from browsing or purchasing items through Muji’s online store, accessing order histories, or using several key features within the Muji app.
According to Muji’s official statement released Sunday evening (Japan Standard Time), the company immediately took its e-commerce platform offline after discovering the disruption in its supply chain network. By Monday afternoon, Muji confirmed that some services had been restored, but online purchases and monthly flat-rate applications remained unavailable. The company is currently conducting a forensic investigation to determine which shipments and customer orders were affected and has promised to notify impacted users via email once the review is complete.
Muji, known globally for its minimalist household goods, clothing, and furniture, operates over 1,000 stores worldwide, including in Japan, China, Singapore, Europe, Australia, and North America. With an annual revenue of approximately $4 billion and more than 24,500 employees, the company’s dependence on reliable logistics infrastructure makes it particularly vulnerable to cyber disruptions.
The source of the disruption, Askul Corporation — a major B2B and B2C logistics and office supply company owned by Yahoo! Japan Corporation — confirmed on Monday that it had suffered a ransomware infection. According to Askul’s translated statement, the attack led to a complete suspension of orders and shipping operations. The company stated: “A system failure has occurred on the Askul website due to a ransomware infection, and we have suspended orders and shipping operations. We are currently investigating the scope of the impact, including potential leaks of personal information and customer data, and will notify affected parties as soon as possible.”
As of now, Askul’s customer service channels, catalog distribution, and return processing systems remain offline, with no clear timeline for full recovery. Fortunately, because Askul handles only Muji’s domestic operations, international customers remain unaffected — Muji’s stores and online platforms outside Japan are operating normally.
At the time of writing, no ransomware group has claimed responsibility for the attack on Askul via public extortion sites. This latest breach follows a growing wave of cyberattacks targeting Japanese corporations, including a recent ransomware assault on Asahi Group, Japan’s largest beer producer. That attack, carried out by the Qilin ransomware gang, forced Asahi to halt production and delay product launches, raising broader concerns about the state of cybersecurity resilience in Japan’s manufacturing and retail sectors.
The Muji-Askul case underscores a rising trend where supply chain attacks on third-party providers disrupt global brands downstream. As Japanese companies deepen their digital transformation, ransomware actors are increasingly exploiting logistics dependencies and cloud integrations to inflict widespread damage. The incident serves as a reminder that robust cybersecurity and vendor risk management are now essential not just for tech firms, but for every retail enterprise operating in a connected world.
