Molson Coors Cyberattack, Storms Could Cost Company $140 Million

Cyber Incident and Texas Storms Will Delay Between 1.8 and 2.0 Million Hectoliters of Beer Production and Shipments

Brewing giant Molson Coors said that a disruptive cyberattack, combined with winter storms in Texas, could cost the company upwards of $140 million in short-term EBITDA.

The maker of popular beer brands in the U.S., including Coors Light, Miller Lite, Molson Canadian, Blue Moon, Carling, Coors Banquet, and others, revealed on March 11 that a cyberattack severely disrupted several parts of its business, including  brewery operations, production, and shipments. 

While the beverage giant says that substantial progress has been made in restoring impacted systems, production and shipping has yet to reach normal operating levels.

“Despite this progress led by the significant efforts of the Molson Coors team, along with the support of leading forensic information technology firms and other advisors, the Company has experienced and continues to experience some delays and disruptions in its business, including brewery operations, production and shipments in the U.K., Canada and the U.S.,” a March 26 statement said.

The company said the cyber incident will have an impact on its first quarter revenue and on 2021 financial results, but did not provide specific figures on expected costs. It did say that incremental one-time costs in both Q1 and Q2 of the year would result from clean-up efforts related to the attack.

According to the company, “the cybersecurity incident and the February winter storms in Texas will shift between 1.8 and 2.0 million hectoliters of production and shipments from the first quarter 2021 to the balance of fiscal year 2021 and will also shift between $120 million to $140 million of underlying EBITDA from the first quarter 2021 to the balance of fiscal year 2021.”

Molson Coors did not respond to a SecurityWeek inquiry requesting a breakdown of costs between the cyber incident and Texas storms.

The company has also yet to share any technical details on the cyberattack, but most industry experts speculate it to be ransomware related.

“We notified law enforcement and are cooperating in their investigation. We also have notified and are working with all of our relevant insurance companies,” the company said in a statement.

Last summer beverages company Lion, a major supplier of beer and milk in Australia and New Zealand, was hit by a ransomware attack that caused disruptions to manufacturing processes and customer service. 

Japanese car maker Honda was also hit by ransomware last summer, which impacted production operations at some plants in the United States.

Tech firms have long issued warnings that industrial control systems that power manufacturing plants and utilities are prime targets for ransomware attacks. In a December 2020 report from IBM and industrial cybersecurity firm Dragos, researchers noted that ransomware attacks against industrial entities jumped more than 500 percent over the last two years.

Related: CompuCom Cyber-Attack Costs Could Reach $28M

Related: Universal Health Services Takes $67 Million Hit From Cyberattack

Related: Trucking Giant Says Ransomware Attack Had $7.5M Impact