Ransomware has disrupted production at Fairlife, Coca-Cola’s ultra-filtered milk and protein shake subsidiary, forcing the dairy business to halt operations at its US manufacturing plants. The beverage giant disclosed the incident in a Securities and Exchange Commission filing on July 16, describing it as a ransomware event that involved unauthorized access to production-related systems.
Fairlife detected the intrusion and immediately activated its incident response and business continuity plans, bringing in outside forensic experts and notifying law enforcement. While US production has stopped, the company said its Canadian facilities remain operational. Coca-Cola acquired full ownership of Fairlife in 2020, and the brand produces Core Power protein shakes alongside its filtered milk products.
The quality and safety of the products themselves have not been affected, according to the filing. Coca-Cola stated it is still investigating the scope of the breach and has not yet determined whether the incident is reasonably likely to have a material financial impact. No ransomware group has publicly claimed responsibility, though such claims sometimes emerge days after an attack if ransom negotiations fail or the attackers escalate pressure.
The filing does not clarify whether the ransomware directly impacted operational technology controlling Fairlife’s manufacturing equipment or if production was suspended as a precautionary measure while supporting IT systems were taken offline during the response. Coca-Cola also has not disclosed whether customer or employee data was stolen in the attack.
The incident is the latest in a troubling pattern of ransomware attacks targeting food and beverage supply chains. While Fairlife’s production halt may create short-term product shortages, the broader concern for the industry remains the operational resilience of critical manufacturing systems against increasingly sophisticated ransomware operations.
