Coca-Cola halts US fairlife dairy production after ransomware attack
Coca-Cola disclosed in an SEC filing that a ransomware attack on its fairlife dairy subsidiary forced the temporary suspension of all US production while investigators assessed the intrusion.
- Victim
- fairlife
On 16 July 2026, The Coca-Cola Company โ the Atlanta beverage giant that owns the Chicago-based ultra-filtered milk brand fairlife โ disclosed in a Form 8-K filed with the U.S. Securities and Exchange Commission that its fairlife subsidiary had been hit by a ransomware attack. According to the filing, fairlife "identified unauthorized access by a third party to a portion of its systems, including its production-related systems, in connection with a ransomware event." The disruption was severe enough that production operations at fairlife in the United States were temporarily suspended.
The company said it promptly activated its incident response and business continuity protocols after detecting the issue and that its investigation into the scope and impact of the incident was ongoing with the assistance of outside advisors and cybersecurity experts. Coca-Cola also notified law enforcement. Crucially for consumers, the company stressed that product quality and safety had not been impacted, and it noted that fairlife's Canadian production operations were not affected by the incident.
A production-line hit, not just an office breach
What set this incident apart from a routine corporate data breach was that the intrusion reached production-related systems โ the manufacturing environment โ forcing a physical halt to output rather than merely exposing back-office records. fairlife, headquartered in Chicago's West Loop and operating high-volume dairy plants in the United States, is a significant supplier of value-added milk products, so a suspension of US production carried real supply-chain consequences for a widely stocked consumer brand. Coca-Cola did not quantify the expected financial or volume impact in its initial disclosure.
Open questions
As of the days immediately following disclosure, several key facts remained unconfirmed. No ransomware group had publicly claimed responsibility, and Coca-Cola had not stated whether any data was exfiltrated from fairlife's environment or whether the attackers had issued a ransom demand. The company framed the event through the lens of operational disruption and its SEC materiality obligations rather than data theft, and it did not commit to a timeline for restoring US production. With the investigation continuing and the manufacturing outage unresolved at the time of reporting, the incident's status was best characterised as ongoing.
Timeline
The Coca-Cola Company files a Form 8-K with the U.S. SEC disclosing that fairlife identified unauthorized access to a portion of its systems, including production-related systems, in a ransomware event.
fairlife temporarily suspends all US production; Canadian operations continue and the company says product quality and safety are unaffected.
Security reporting notes that no ransomware group has publicly claimed responsibility and that Coca-Cola has not confirmed whether data was exfiltrated or a ransom demanded.
Sources
- sec.govhttps://www.sec.gov/Archives/edgar/data/0000021344/000162828026048466/ko-20260716.htm
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/coca-cola-says-fairlife-ransomware-attack-halts-us-dairy-production/
- securityweek.comhttps://www.securityweek.com/coca-cola-suspends-us-fairlife-production-due-to-ransomware-attack/
- helpnetsecurity.comhttps://www.helpnetsecurity.com/2026/07/17/coca-cola-fairlife-ransomware-attack/
- techcrunch.comhttps://techcrunch.com/2026/07/16/coca-cola-suspended-production-at-its-fairlife-dairy-after-a-ransomware-attack/
- abc7chicago.comhttps://abc7chicago.com/post/fairlife-news-chicago-based-company-owned-coca-cola-pauses-production-ransomware-cyberattack-breaches-milk-brand-systems/19527368/