Confirmed Ransomware Attack Disrupts Fairlife US Production

Coca-Cola confirmed a ransomware attack affecting Fairlife that temporarily suspended dairy production at U.S. facilities while recovery efforts continue.
Fairlife corporate logo on a blue background.

The Coca-Cola Company has confirmed that a ransomware attack impacting its Fairlife dairy subsidiary has temporarily halted production at Fairlife facilities across the United States, disrupting operations while the company works to restore affected systems.

In a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC), Coca-Cola disclosed that Fairlife detected unauthorized access to portions of its network, including production-related systems, in connection with a ransomware incident.

“After detecting the issue, the Company promptly activated its incident response and business continuity protocols,” Coca-Cola said in the filing. The company added that its investigation is ongoing with assistance from external cybersecurity experts and that law enforcement has been notified.

Production suspended across the United States

According to Coca-Cola, production operations at Fairlife’s U.S. facilities have been temporarily suspended while affected systems are restored. The company said Fairlife’s Canadian production facilities have not been impacted.

Coca-Cola emphasized that the incident has not affected the quality or safety of Fairlife products. However, the temporary shutdown of manufacturing operations highlights how ransomware attacks continue to disrupt industrial production beyond traditional IT environments.

Fairlife is Coca-Cola’s wholly owned dairy brand, producing ultra-filtered milk, Core Power protein shakes, and Nutrition Plan beverages sold throughout the United States.

Investigation remains ongoing

The company has not disclosed how the attackers gained access to Fairlife’s systems, whether any data was stolen, or whether it has received an extortion demand.

Likewise, no ransomware operation has publicly claimed responsibility for the attack at the time of publication.

Coca-Cola said it is continuing to assess the scope and impact of the incident and has not yet determined whether the cyberattack is reasonably likely to have a material effect on the company.

Manufacturing remains a frequent ransomware target

While many ransomware incidents focus on data theft and extortion, attacks against manufacturers can have immediate operational consequences when production systems are affected. Even temporary disruptions can interrupt supply chains, delay shipments, and reduce product availability while organizations recover critical infrastructure.

In this case, Coca-Cola has confirmed that the incident directly affected production-related systems, resulting in the temporary suspension of Fairlife’s U.S. manufacturing operations. The company has not provided an estimated timeline for resuming normal production.

Additional details, including whether customer or employee data was accessed during the incident, may emerge as the investigation progresses.

Picture of m00s3c

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.

Latest News

BREACHNEWS.COM/SUPPORT/

Support Independent News.

Help support breach monitoring, investigations, infrastructure, and reporting.

Support the site
INTEL.BREACHNEWS.COM

Live Cyber
Threat Map

Explore live cyber activity, recent breach reports, KEV alerts, and public threat feeds from a single interactive dashboard.

Launch Threat Map