Cyberattack on Asahi Triggers Beer Shortages Across Japan

A disruption that turned taps dry

Japan’s best known brewer is racing to keep shelves stocked after a cyberattack knocked out critical business systems and forced production and deliveries to pause. Asahi Group said ordering and shipping in Japan went offline early in the week, bringing most domestic factories to a halt. The interruption has rippled quickly through the country’s convenience stores, supermarkets, restaurants and bars. Popular products, from Asahi Super Dry beer to bottled teas and soft drinks produced under contract, are now in short supply in parts of the country.

Asahi emphasized that the incident is confined to Japan, which accounts for roughly half of group sales. Overseas operations and global brands such as Peroni, Pilsner Urquell, and Grolsch continue to operate as normal. The company’s challenge lies not only in brewing beer, but in managing orders, inventory and nationwide distribution. When those systems go dark, production runs cannot be planned with confidence, shipments cannot be booked or invoiced, and customer service cannot function at scale.

In the days following the intrusion, Asahi began partial manual processing of orders and shipments, using phones, in person visits and paper workflows to prioritize supply of core items. The firm said its call centers would start to reopen, while warning that it could not yet give a clear timeline for full recovery. Retailers including 7-Eleven, FamilyMart and Lawson have told customers to expect sporadic shortages as existing stocks are depleted.

How the attack unfolded and what went offline

Asahi confirmed a ransomware attack that disrupted internal systems used for ordering, shipment and customer support. The company also reported trouble receiving emails from outside the organization. Production equipment itself was not damaged, according to the firm, yet breweries and bottling lines were paused because orders could not be processed and deliveries could not be coordinated. That decision is common in complex manufacturing, where accurate orders, labeling, tax documentation and logistics are tightly linked to compliance and safety.

Ransomware and why it shuts down breweries

Ransomware is malicious software that locks up computer systems and data until a payment is demanded. Many groups use a double extortion model in which they both encrypt a victim’s systems and steal sensitive files to increase pressure to pay. Modern breweries rely on two technology layers. One layer runs production equipment, sometimes called operational technology. The other layer runs business software for orders, inventory, distribution and finance, often called information technology. If the business systems fail, a brewer may still be able to make beer, but it cannot confidently plan production, allocate raw materials, schedule trucks, or bill customers. The practical result can be a controlled shutdown to avoid waste and confusion.

Manufacturers that segment their networks, maintain offline backups and rehearse incident response can reduce downtime. Even so, restoring complex order management and logistics platforms can take days or weeks, especially when a company must verify the integrity of data before turning systems back on. Asahi said restoring supply to customers is the top priority while forensic work continues.

Retailers and restaurants feel the pinch

Convenience store chains across Japan have warned of tight supplies. Seven & I Holdings, which operates 7-Eleven, has halted shipments of certain Asahi products and told shops to prepare for shortages. FamilyMart said some of its private label bottled teas, produced by Asahi, could be out of stock. Lawson plans to stock alternative products to reduce disruption. A large supermarket operator also cautioned shoppers that some Asahi items may soon be unavailable.

In a public notice, FamilyMart, one of the country’s largest convenience store operators, apologized to shoppers and said it is coordinating closely with the brewer to resume normal supply.

We sincerely apologise to our customers for any inconvenience caused.

Bars and eateries are also feeling the strain. Some outlets that pour only Asahi on tap have switched to rival beers to avoid gaps on the menu. Restaurants that pair house specialties with Super Dry say the change is unwelcome, yet necessary until kegs and bottles start flowing again.

In Tokyo, chef Tomiko Yano of yakitori restaurant Kushiyaki Tosaka explained how quickly the shortage hit a small venue that sells a single beer brand.

The shortage is a problem as our yakitori pairs well with Super Dry and many customers prefer it.

Who is behind it and what data may be at risk

A group known as Qilin has claimed responsibility for the attack and said it took roughly 27 gigabytes of internal data. The group posted images purporting to show budgets, contracts and other documents, an attempt to pressure the company by threatening leaks. Qilin operates a ransomware as a service model. Affiliates rent its malware and infrastructure, then share ransom payments with the core operators. The collective has targeted hundreds of victims globally, with a focus on manufacturing and healthcare.

Asahi said it is investigating signs of unauthorized data transfer and has notified law enforcement. At the time of the initial disclosure, the company said customer data did not appear to have been compromised. While the full scope of any leak remains under review, the type of documents claimed by the attackers could expose employees and business partners to phishing attempts or fraud. The firm continues to work with external specialists to contain the breach and restore systems.

Security analysts caution that data theft often precedes attempted social engineering. Employees, suppliers and distributors should be wary of unsolicited emails or calls that request passwords, payment changes or sensitive information. Verification through known contacts and official channels is critical until Asahi provides final guidance on any exposed data.

The recovery plan at Asahi

After an initial shutdown of most domestic sites, Asahi said it has restarted brewing at all six of its beer plants in Japan, although they are not yet operating at full capacity. Those breweries are focusing on the company’s top seller, Asahi Super Dry. Two soft drink factories have partially reopened, and five more are scheduled to resume gradually in line with shipments. All seven of the group’s food plants in Japan have resumed operations, also below normal capacity while the supply chain stabilizes.

The company said it would prioritize a limited portfolio while systems come back online. It plans to resume shipments from mid October for a set of 16 products, including nonalcoholic beers such as Asahi Dry Zero and Asahi Zero, Clear Asahi beer, and Black Nikka Clear whisky. Launches of new items in the October pipeline, such as soft drinks and protein bars, have been postponed.

To keep goods moving, employees have been taking orders by phone, writing them by hand, visiting major customers and even sending shipment instructions by fax. The company expects call centers to begin partial reopening during the week. That manual workaround is time consuming, yet it provides a bridge until digital platforms are restored and tested.

Atsushi Katsuki, Asahi’s president and group chief executive, apologized for the disruption and stressed that the priority is to supply customers while repair work continues.

We are making every effort to restore the system as quickly as possible, while implementing alternative measures to ensure continued product supply to our customers.

Business fallout and supply chain lessons

The disruption has shaken investor confidence. Asahi’s shares fell sharply in the wake of the breach, at one point dropping more than 7 percent before a modest rebound. Analysts warned that a prolonged outage could erode fourth quarter profit in Japan and weigh on group earnings. If shelves stay empty, the brewer may face out of stock penalties from large retailers and lost sales in pubs and restaurants. The indefinite delay of a dozen new products cuts into planned growth and marketing campaigns.

The decision to suspend production, even when equipment is not damaged, is a defensive move that avoids producing beer without confirmed orders, shipping capacity, tax paperwork and destination labeling. Alcohol distribution has strict controls. Brewing and packaging without the ability to ship can create quality risks and inventory mismatches that are costly to unwind. The incident also highlights how close coordination between information technology and factory systems has become, and why network segmentation, strong identity controls and tested backups are now central to business continuity in manufacturing.

Japan’s broader cybersecurity challenge

Ransomware attacks on major companies have surged in Japan. Reports counted 116 ransomware incidents in the first half of the year, and specialists believe many cases go unreported. A shortage of cybersecurity talent and uneven digital literacy in parts of an aging workforce add to the challenge. Attackers have adopted a service model, making it easier for affiliates with modest skills to launch disruptive campaigns using rented tools and playbooks. Manufacturing has become a prime target because production stoppages put immediate pressure on victims to pay.

Japanese policymakers have promised stronger cyber defenses, and new measures allow more proactive steps against attacks. The effectiveness of those changes will depend on how companies invest in prevention and rehearse recovery. Boards and executives are increasingly expected to treat cyber risk like any other enterprise risk. That means ring fencing critical systems, segmenting networks, patching promptly, hardening identity and access, training frontline staff to spot phishing, and regularly testing restoration from clean backups. Incidents cannot be reduced to zero, yet companies that prepare tend to recover faster and with less collateral damage.

Qilin’s claim in this case fits a wider pattern in which data theft is paired with operational disruption. The group and its affiliates have hit manufacturers and hospitals across regions. Food and beverage companies, which often run tight margins and complex logistics, can be attractive targets if attackers believe downtime will lead to quick settlements. The Asahi breach shows that even nimble workarounds, like paper orders and phone calls, only go so far when the country’s largest brewer is trying to serve millions of customers.

What shoppers should expect now

Shortages are likely to be uneven by region and store. Super Dry remains in production inside Japan, but supply will be prioritized and may not cover all formats and pack sizes until shipments ramp back up. Convenience stores are moving to substitute products where needed, and pubs may pour more beer from rivals in the near term. Imported Asahi stocks and overseas markets are not affected by the incident.

Shoppers looking for specific items can check a mix of formats. In some areas, canned beer may be available where draft is limited, or larger bottles may be in stock when six packs are not. For private label teas and soft drinks made by Asahi, availability will vary by chain as back rooms empty. Retailers advise against panic purchases because they can deepen local shortages and complicate allocation.

Customers, suppliers and employees should also be cautious about unsolicited messages. If the attackers did steal internal documents, phishing attempts could follow. Rely on official company channels for updates, verify payment changes by phone using known contacts, and report suspicious emails to security teams.

The Bottom Line

• A ransomware attack disabled Asahi’s ordering, shipping and customer systems in Japan, forcing a pause at most domestic factories.
• Brewing has restarted at all six beer plants, but output is below normal and focused on Super Dry while systems recover.
• Convenience chains and restaurants report tight supplies. Some bottled teas and beer formats are already out of stock in places.
• The Qilin group claimed it stole about 27 gigabytes of internal data. Asahi is investigating signs of data theft and working with authorities.
• From mid October, Asahi plans to resume shipments of 16 products including Dry Zero, Asahi Zero, Clear Asahi and Black Nikka Clear.
• Overseas operations and global brands outside Japan remain unaffected by the incident.
• Shares fell after the breach. Analysts warn a prolonged outage could hit fourth quarter profit and result in retailer penalties.
• Manual workarounds, including phone and fax orders, are in place. The timeline for full digital restoration remains uncertain.