Japanese retail company Muji has suspended its online sales and several related services in Japan following a ransomware attack on its logistics partner, Askul Corporation. The incident disrupted Muji’s ability to process orders, display product details, and provide customers access to their order history or the Muji app.
“Currently, a system failure has occurred on the Askul website due to a ransomware infection, and we have suspended orders and shipping operations.”
— Askul Corporation
Extent of the Disruption and Services Impacted by the Askul Cyberattack
The ransomware originated from Askul, which manages business-to-business logistics and e-commerce operations for Muji’s Japanese division. Askul confirmed that the infection forced it to halt all order processing and shipment activities. In response, Muji disabled its Japanese online store and suspended associated services.
Muji clarified that physical retail operations across Japan and overseas remain unaffected. However, its domestic online purchases and “all-you-can-buy” flat-rate subscription services continue to be impacted. The company is currently determining which shipments were disrupted and plans to notify affected customers by email regarding orders made prior to the service suspension.
Muji’s Global Footprint and the Localized Impact of the Incident
Muji, renowned for its minimalist design philosophy and range of household goods, apparel, and furniture, operates over a thousand stores worldwide — including in Japan, China, Australia, Europe, and North America. The retailer employs over 24,500 individuals and generates annual revenues exceeding USD 4 billion.
The impact of this ransomware attack remains confined to Muji’s Japanese market, as Askul’s logistics services are specific to Japan. International operations remain unaffected and continue normal business activities.
Lack of Ransom Claim and Ongoing Investigation
As of the latest updates, no known ransomware group has claimed responsibility for the attack. Askul stated that it is investigating whether personal data was compromised and has committed to notifying affected parties if necessary.
The Muji-Askul incident comes on the heels of a recent ransomware breach targeting Japan’s largest beer producer, which temporarily halted production and delayed product launches. Cybersecurity experts warn that these cases highlight the growing vulnerability of supply chains — especially logistics networks — to ransomware attacks seeking to exploit operational dependencies.
For Japanese consumers, Muji’s online store outage may result in delayed or cancelled orders and restricted access to digital shopping features until restoration efforts are complete. For Muji and other large retailers, this incident underscores how a single third-party compromise can cascade into widespread business disruption.
The event also amplifies the urgent need for strengthened cybersecurity governance, more robust vendor risk assessments, and real-time incident response strategies across retail and logistics ecosystems.
Muji and Askul have not yet shared a definitive timeline for full restoration of services or disclosed the total number of affected transactions.
