
In late 2025, two very different companies on opposite sides of the world – Japan’s Askul and U.S.-based Fieldtex Products – were pulled into the same story: high‑impact ransomware intrusions that turned into major data breaches. For security teams, these incidents are a timely case study in how credential abuse, weak MFA enforcement, and data‑rich backends converge into business disruption and long‑tail privacy risk.
Askul: RansomHouse hits a Japanese logistics backbone
Askul is a major Japanese e‑commerce and office‑supply distributor whose logistics footprint quietly underpins a large slice of business operations across the country. In October 2025, that backbone was abruptly shaken when a ransomware attack crippled IT systems, forcing Askul to suspend order intake, halt shipments, and scramble into manual workarounds.
The RansomHouse group quickly claimed responsibility, boasting of stealing around 1.1 TB of data from Askul before encryption. As the investigation progressed, Askul confirmed that roughly 740,000 data sets had been compromised: about 590,000 corporate customer service records, 132,000 individual customer service records, 15,000 business partner records, and 2,700 executive and employee records. The exposed information includes names, contact details, customer IDs, inquiry histories, and partner contact data, raising clear risks around targeted phishing, social engineering, and B2B fraud.
Crucially, Askul reported no confirmed exposure of individual customers’ credit card information, which was handled through separate payment processors and tokenized workflows. The company has also stated that it did not pay ransom and instead focused on recovery, re‑hardening infrastructure, and notifying impacted customers and partners. However, the attack went far beyond simple file encryption: the threat actor is reported to have disabled endpoint security controls, moved laterally to critical systems, exfiltrated large data volumes, and then encrypted servers while attempting to destroy or encrypt backups.
Early reporting suggests the initial intrusion may have been enabled by compromised administrator credentials belonging to an outsourced IT partner that lacked multi‑factor authentication. That single design decision – unprotected privileged access through a third party – effectively opened a side door into core systems and illustrates how supply‑chain identity risk has become a dominant attack primitive. The downstream impact was severe: several of Askul’s platforms, including its flagship corporate ordering services, faced days of downtime and staged restarts, with ripple effects across Japanese businesses that depend on just‑in‑time office and facility supplies.
Fieldtex: Akira ransomware and a PHI‑heavy breach
Fieldtex Products, headquartered in the United States, operates in a very different space: contract sewing, industrial textiles, and fulfillment of medical and first‑aid supplies, including through its E‑First Aid Supplies division. In mid‑August 2025, Fieldtex detected suspicious activity in its environment, later confirming that an attacker had accessed systems and exfiltrated data in what would be disclosed as a ransomware incident.
The Akira ransomware group listed Fieldtex on its leak site, claiming to have stolen more than 14 GB of internal documents and data. Regulatory filings with the U.S. Department of Health and Human Services (HHS) and subsequent public reporting indicate that approximately 238,615 individuals were affected by the breach. Unlike Askul, the Fieldtex incident is largely about the sensitivity of the data rather than sheer volume: the compromised information centers on protected health information (PHI) linked to health plan members.
According to incident notices, the exposed PHI may include names, postal addresses, dates of birth, health insurance member IDs, details of health plans, coverage terms, and gender information. Even without diagnostic codes or full medical histories for every record, this dataset is rich enough to fuel insurance fraud, account takeover targeting health portals, and highly personalized social engineering against both plan members and employers. To date, Fieldtex and its counsel have focused on notifying affected individuals, offering credit or identity‑theft monitoring, and cooperating with regulators, while there has been limited public detail about the specific technical vector Akira used.
From a ransomware‑operations perspective, Akira has built a reputation for targeting mid‑market organizations, taking time to identify and encrypt file servers and backup repositories, then layering extortion by threatening to publish exfiltrated data. The Fieldtex case aligns with this pattern: a relatively modest data volume by hyperscale standards, but deeply sensitive and regulated, giving the attackers leverage even if encryption alone does not halt operations.
Key lessons for security teams
Several practical takeaways emerge from looking at Askul and Fieldtex together.
First, identity and access pathways through third parties must be treated as high‑value attack surfaces. Askul’s reported use of privileged outsourced accounts without multi‑factor authentication made it far easier for an attacker with stolen credentials to gain a foothold and disable defenses. Organizations that lean heavily on MSPs, SI partners, or offshore support need to subject those identities to the same – or stricter – controls as internal admins: enforced MFA, device trust, conditional access, and continuous monitoring.
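One way to check for the gap described above, as an added example (not code from Askul, its partner, or any vendor): a Python audit over sign-in events that reports privileged accounts which signed in successfully without a strong second factor, listing partner identities first. The log schema, role names, factor names and sample events are constructed assumptions.

```python
import json

# Role names, factor names and the log schema are assumptions for this example.
PRIVILEGED_ROLES = {"domain-admin", "backup-admin", "edr-admin"}
STRONG_FACTORS = {"totp", "fido2", "push"}

# Constructed sign-in events, one JSON object per line (not real log data).
SAMPLE_LOG = """\
{"ts":"2025-01-10T01:12:00Z","user":"ops01@partner.example","org":"partner","roles":["domain-admin"],"factors":["password"],"result":"success"}
{"ts":"2025-01-10T01:40:00Z","user":"ops01@partner.example","org":"partner","roles":["domain-admin"],"factors":["password"],"result":"success"}
{"ts":"2025-01-10T08:03:00Z","user":"alice@corp.example","org":"internal","roles":["backup-admin"],"factors":["password","fido2"],"result":"success"}
{"ts":"2025-01-10T08:30:00Z","user":"bob@corp.example","org":"internal","roles":["edr-admin"],"factors":["password"],"result":"success"}
{"ts":"2025-01-10T09:00:00Z","user":"carol@corp.example","org":"internal","roles":["user"],"factors":["password"],"result":"success"}
{"ts":"2025-01-10T09:05:00Z","user":"ops02@partner.example","org":"partner","roles":["backup-admin"],"factors":["password"],"result":"failure"}
not-json
"""

def audit_privileged_signins(log_text):
    """Return (findings, skipped): privileged accounts that signed in
    successfully with no strong second factor, partner accounts first."""
    hits, skipped = {}, 0
    for line in filter(str.strip, log_text.splitlines()):
        try:
            ev = json.loads(line)
            user, ts = ev["user"], ev["ts"]
            roles = PRIVILEGED_ROLES & set(ev["roles"])
            strong = STRONG_FACTORS & set(ev["factors"])
            ok = ev["result"] == "success"
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed or incomplete record: count it, do not guess
            continue
        if not ok or not roles or strong:
            continue
        rec = hits.setdefault(user, {"user": user, "org": ev.get("org", "unknown"),
                                     "roles": set(), "count": 0, "first_seen": ts})
        rec["roles"] |= roles
        rec["count"] += 1
        rec["first_seen"] = min(rec["first_seen"], ts)  # ISO-8601 strings sort by time
    for rec in hits.values():
        # Anything not known to be internal is treated as a third-party identity.
        rec["severity"] = "critical" if rec["org"] != "internal" else "high"
        rec["roles"] = sorted(rec["roles"])
    return sorted(hits.values(), key=lambda r: (r["severity"] != "critical",
                                                -r["count"], r["user"])), skipped

if __name__ == "__main__":
    findings, skipped = audit_privileged_signins(SAMPLE_LOG)
    for finding in findings:
        print(finding)
    print("skipped records:", skipped)
```

The skipped-record count is returned rather than discarded because a log source that suddenly produces unparseable lines is itself worth investigating.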
Second, data‑aware architecture matters as much as perimeter hardening. In both cases, attackers were able to locate and exfiltrate large volumes of valuable data before or alongside encryption. That reinforces the importance of: mapping where sensitive data actually lives; segmenting and minimizing data stores; enforcing strong access controls and logging on data repositories; and using DLP or exfiltration‑detection controls tuned to spot unusually large or atypical transfers.
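A sketch of the exfiltration-detection idea above, as an added example rather than any product's logic: each host's daily outbound volume is compared with its own history using a robust z-score (median and median absolute deviation), and destinations the host has never contacted before are listed in the alert. Host names, destinations, thresholds and all flow records are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

MB = 10**6

def _series(host, dest, mbs):
    """Constructed sample data: one egress record per day, starting at day 1."""
    return [(d, host, dest, mb * MB) for d, mb in enumerate(mbs, start=1)]

# (day, host, external destination, bytes sent) -- all values are constructed.
FLOWS = (
    _series("fs01", "backup.vendor.example", [2100, 1900, 2300, 2000, 2200, 1800, 2100, 2000])
    + _series("db02", "replica.dr.example", [40000, 38000, 43000, 41000, 37000, 42000, 40000, 46000])
    + _series("ws17", "updates.vendor.example", [50, 45, 60, 55, 48, 52, 50, 60])
    + [(8, "fs01", "203.0.113.50", 310_000 * MB)]  # bulk upload to a never-seen address
)

def detect_exfil(flows, day, z_threshold=6.0, min_bytes=5_000 * MB, min_history=5):
    """Flag hosts whose egress on `day` is far above their own baseline."""
    daily = defaultdict(lambda: defaultdict(int))  # host -> day -> total bytes
    seen = defaultdict(set)                        # host -> destinations before `day`
    today = defaultdict(set)                       # host -> destinations on `day`
    for d, host, dest, nbytes in flows:
        daily[host][d] += nbytes
        if d < day:
            seen[host].add(dest)
        elif d == day:
            today[host].add(dest)
    alerts = []
    for host, dests in sorted(today.items()):
        history = [v for d, v in daily[host].items() if d < day]
        total = daily[host][day]
        if total < min_bytes:
            continue  # small transfers are ignored whatever their ratio to baseline
        if len(history) < min_history:
            z = None  # no usable baseline: a large transfer is reported as-is
        else:
            med = median(history)
            mad = median(abs(v - med) for v in history) or 1  # avoid divide-by-zero
            z = round((total - med) / (1.4826 * mad), 1)      # robust z-score
            if z <= z_threshold:
                continue
        alerts.append({"host": host, "bytes": total, "z": z,
                       "new_dests": sorted(dests - seen[host])})
    return alerts

if __name__ == "__main__":
    for alert in detect_exfil(FLOWS, day=8):
        print(alert)
```

In the sample data only fs01 is flagged on day 8: db02 moves far more data every day, but its 46 GB is within its own normal variation, which is the reason for a per-host baseline instead of a single global byte threshold.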
Third, ransomware is now fundamentally a data breach story. RansomHouse and Akira both use double‑extortion tactics in which the confidentiality impact can be more damaging than the immediate availability hit. For Askul, that means long‑term reputational and B2B trust consequences as customers worry about exposed inquiry histories and contact details. For Fieldtex, it means navigating HIPAA/HHS scrutiny, litigation risk, and potentially years of identity‑ and insurance‑fraud attempts against affected individuals.
Finally, incident readiness must be sector‑specific. Logistics‑heavy enterprises should stress‑test business continuity around warehouse, transport, and order‑management outages, assuming that a ransomware event could take them offline for days or weeks. Healthcare‑adjacent organizations – even those that are not hospitals or insurers – need to assume that any PHI they touch will be a magnet for extortion crews and should build playbooks that cover rapid regulatory notification, patient/member communications, and long‑term credit monitoring.
For practitioners, Askul and Fieldtex are a reminder that there is no “small” exposure when the attacker controls your admin keys or holds your customers’ most sensitive data. They also provide a rich set of talking points for boards and executives about why investments in identity security, data governance, and tested incident‑response plans are no longer optional. If you are tracking ransomware and data‑breach trends for 2025, these two cases belong high on the list.



