Qilin Ransomware Claims Hack on Japan’s Super Value Supermarket, Leaks Payroll & P&L Data
The Qilin ransomware group has once again claimed responsibility for a large-scale cyberattack. This time, the hackers allege that their victim is the Japanese supermarket chain Super Value Co., and dozens of files purportedly containing the company’s internal documents have appeared on Qilin’s dark web leak site.
Super Value operates a network of combined retail centers—featuring both grocery and household goods stores—as well as standalone supermarkets across Saitama Prefecture and the Greater Tokyo region. On Qilin’s leak portal, the attackers published samples of the stolen data—a standard extortion tactic intended to pressure the company into paying a ransom by partially releasing its confidential files.
Among the exposed materials are performance reports, payroll records, order and sales logs, incident and cash leakage reports, and accounting data, including monthly profit and loss statements.
Of particular concern is the leak of personnel documents, which contain sensitive employee information such as names, addresses, birthdates, gender, positions, departments, phone numbers, employment dates, job categories, and work schedules. If authentic, the breach could expose staff to identity theft and financial fraud.
The company has not yet issued an official statement, and Super Value Co. representatives have not responded to media inquiries. Security researchers note that although no direct employee contact details appear in the leaked files, the exposure of operational data could enable social engineering attacks against the organization itself.
The Qilin group has been active since 2021 and, since late 2023, has published information about nearly 947 victims on its dark web portal. As of September 2025, Qilin has been recognized as the most active ransomware collective, with over 88 recorded attacks this year alone.
In recent months, Qilin has claimed responsibility for breaches affecting U.S. energy companies San Bernard Electric and Karnes Electric, the pharmaceutical operator MedImpact, Volkswagen Group’s French subsidiary, and the Japanese beverage manufacturer Asahi Holdings. During the summer, the group also targeted Nissan’s design studio Creative Box, which later confirmed the incident.
Other notable victims include the California Golf Club of San Francisco—an exclusive venue frequented by Silicon Valley executives—and the U.K. laboratory Synnovis, where the attack forced thousands of surgeries and transplants in London hospitals to be canceled.
Previously, Qilin, LockBit, and DragonForce formed an alliance to share tools and coordinate operations. Experts warn that this collaboration among ransomware syndicates could lead to a surge in global incidents and make investigations increasingly difficult.
One of Qilin’s most high-profile recent attacks targeted South Korean telecom giant SK Telecom, where hackers claimed to have stolen 1 terabyte of data. Following the breach, the company issued a public apology, offered free SIM card replacements, and temporarily suspended new subscriber registrations.