Cyberattack Forces Asahi Breweries to Rely on Pen and Paper Amid Nationwide Shortages

Japan’s largest beer producer, Asahi Group Holdings, is grappling with widespread supply disruptions after a major cyberattack forced the company to temporarily halt production at most of its domestic factories late last month.

The attack crippled Asahi’s digital infrastructure, leaving it unable to process orders electronically. Although operations have resumed at all 30 production sites – including six breweries – most systems remain offline, pushing staff to rely on handwritten orders, fax machines, and paper documentation to keep shipments moving.

The result has been visible across Japan. At Ben Thai, a small restaurant in Tokyo’s Sengawacho district, only four bottles of Asahi Super Dry remain. Owner Sakaolath Sugizaki says her supplier is rationing deliveries, prioritising larger clients while smaller businesses make do with limited stock.

“Asahi told us they’re still sorting things out manually,” she said. “I’m hoping to restock soon, but I don’t know when.”

Asahi, which controls roughly 40% of Japan’s beer market, has apologised for the disruption but declined to say when normal operations will resume. The impact extends beyond beer – shortages have hit the company’s soft drinks, bottled teas, and other beverages produced for convenience store chains like 7-Eleven, FamilyMart, and Lawson.

A liquor shop owner in Tokyo, Hisako Arisawa, described receiving only a fraction of her usual orders. “I can get maybe a few bottles at a time,” she said. “We expect this to last several weeks.”

Wholesale distributors are facing similar challenges. One Tokyo-based wholesaler, who asked to be identified only as Mr. Nakano, said his Asahi orders have dropped to about 10–20% of the norm. “Everything’s handwritten now,” he explained. “We get updates from Asahi by fax when trucks are ready to leave.”

Outside Japan, Asahi’s European subsidiaries – including Peroni, Grolsch, and Fuller’s – have not been affected.

The ransomware group Qilin has claimed responsibility for the breach, which reportedly exposed company data now circulating online. Qilin operates a cybercrime network that enables affiliates to launch ransomware attacks in exchange for a share of ransom payments.

The Asahi incident joins a growing list of cyberattacks targeting major corporations worldwide. In recent months, firms such as Jaguar Land Rover and Marks & Spencer have suffered similar breaches, while a ransomware incident in September disrupted check-in systems at several European airports.

Japan has also been hit repeatedly. A 2024 cyberattack shut down a key container terminal in Nagoya for three days, and Japan Airlines faced significant disruptions last Christmas following another hack.

Despite its high-tech reputation, experts say Japan’s reliance on outdated systems and limited cybersecurity workforce leaves it vulnerable. “Many organisations here still operate on legacy infrastructure and have a culture of trust that makes them soft targets,” said Cartan McLaughlin of the Nihon Cyber Defence Group. “Some are even willing to pay ransoms to restore operations quickly.”

Japan’s Chief Cabinet Secretary Yoshimasa Hayashi confirmed that the government is investigating the Asahi breach and pledged to strengthen the nation’s cyberdefences. A recently enacted Active Cyber Defense Law gives authorities greater power to share intelligence with private companies and authorize counterattacks against hackers’ servers.

For now, however, the ripple effects continue to hit small businesses like Ben Thai. Sugizaki says she’s uncertain when her next delivery of Super Dry will arrive. “Customers ask for it every night,” she sighed. “All I can do is wait – and hope.”