Cyber Incident Victim: Lion

On June 9, 2020, Australian beverage and dairy company Lion disclosed a cyber incident that prompted it to proactively shut down its IT systems as a precautionary measure. By June 11, Lion confirmed the incident was a ransomware attack targeting its computer systems, forcing continued system outages. The company’s IT teams and external cyber advisors worked continuously to investigate the breach and restore operations, though the process took longer than initially anticipated. Lion emphasized restoring systems safely to resume normal manufacturing and customer service operations, acknowledging the disruption would persist during recovery efforts. The attack delayed plans to increase beer production following COVID-19 brewing limitations, reducing stock visibility and risking temporary shortages across pubs, restaurants, and retail channels as Australia eased pandemic restrictions.

The ransomware significantly impacted Lion’s Dairy & Drinks division, causing manufacturing site outages and customer service disruptions for fresh dairy, juice, and soy products. Manual ordering and delivery processes were implemented to mitigate service failures, with dedicated teams assisting customers. Lion reported no evidence of compromised financial or personal data but committed to ongoing review as investigations continued. The company, operating 45 sites across Australia and New Zealand with 6,700 employees and an annual economic contribution of AU$5.3 billion, faced operational challenges across its brewing and fresh goods divisions simultaneously. While Lion maintained existing beer stockpiles from pandemic-era production, the ransomware attack hindered its ability to scale operations to meet post-lockdown demand, prolonging supply chain interruptions during a critical market recovery period.