Thoughtless cyber-criminals put Kiwis' access to beer at risk on the first day of level 1, and the threat continues.

A cyber attack interrupted manufacturing and customer orders at Lion, the company confirms.

Toll says data stolen in second ransomware attack within months
Air NZ service provider Travelex held to ransom by hackers demanding $8.5m
F&P Appliances latest to be hit by ransomware attack

The beverage giant was hit yesterday, and is still grappling to fully restore systems after staff lost remote access.


One manual workaround, now fixed, saw Lion inadvertently send customers wishing to order milk to the phone number for a Sydney-based cyber-security consultancy called Cliffside Security (which was quick to point out it was not involved in the security breach).

Lion's stable on this side of the Tasman includes beer brands Lion Red, Speights, Steinlager, Lindauer and Wither Hills wine, Havana Coffee Works and the partially owned Mt Difficulty and Good Buzz kombucha. In Australia, its business lines include a dairy operation and beer brands including XXXX Gold and Toohey's. It also owns craft beer maker and eatery Little Creatures, which brews on-site at various locations including Hobsonville Point, Auckland.

"Lion has experienced a cyber incident impacting our New Zealand and Australian businesses. We took the precaution of shutting down our IT systems, which caused disruption to our suppliers and customers," a spokeswoman told the Herald late Tuesday.

"We have no evidence at this point of any type of data breach but our investigations are ongoing and we have a team of experts continuing to work through the situation.

"Although our ability to process and deliver orders has been significantly affected we have teams working around the clock and have started to deliver some orders."

There have been several high-profile ransomware attacks recently, including two on logistics giant Toll Group. Was Lion also hit by hackers who blocked access to systems or encrypted data and demanded money for them to be placed back under Lion's control?

"We are not yet in a position to comment," the spokeswoman said. "We have notified relevant authorities and our focus is on dealing with the issue and protecting our systems and our customers and suppliers."

"It will be interesting if it is ransomware, because we are seeing quite a lot of ransomware emails on the back of Covid-19, using it as a way to get people to click a link," says Peter Bailey, GM of local security outfit Aura.


The attack was bad timing for Lion on this side of the Tasman, coinciding with the first day of level 1. However, late yesterday, in an investigative effort, the Herald was still able to order Little Creatures Pale Ale in Hobsonville Point.

Lion, formerly Lion Nathan, is today owned by Japan's Kirin.

Attack follows major IT upgrade

Ironically, last week's cyber attack comes after a major technology overhaul.

Lion NZ posted a big fall in net profit for 2018, which was pinned on costs associated with a multi-million-dollar IT transformation project.

The company said its earnings were affected by an IT transformation project designed to modernise its operations.

The two-year project centralised 500 applications running across the business into one cloud-based SAP Hana platform and involved 550 people from Lion's global team.

What to do if you're hit by ransomware

New Zealand businesses or individuals hit by a cyber-attack are advised to contact Crown agency CERT (the Computer Emergency Response Team) as their first step.

CERT acts as a triage unit, pointing people to the right law enforcement agency or technical contacts.

CERT director Rob Pope and police both advise against paying up on a ransomware demand, even if the sum involved is modest.

They say there is no guarantee that data will be returned, or unlocked. They also caution that while paying a small ransom can be convenient, the money can help fund Eastern European gangs who are also involved in the likes of drug and human trafficking.