Coca-Cola's Fairlife Dairy Operations Face Temporary Halt Due to Ransomware Attack in US

On July 16, 2026, Coca-Cola's Form 8-K disclosed that fairlife identified unauthorized third-party access to production-related systems, resulting in a temporary suspension of U.S. production, with Canada operations not affected; the company said it is investigating with outside advisors and has notified law enforcement.
Fairlife’s product lineup includes ultra-filtered milk products, protein shakes, and nutrition drinks sold in the United States.
As of the reporting, no ransomware gang has claimed responsibility for the attack.
There are inconsistencies in reporting about whether U.S. production is currently suspended or not, with some outlets noting a suspension and others saying production operations are not currently impacted.
Coca-Cola's fairlife dairy subsidiary suffered a ransomware attack that forced a temporary halt to all U.S. production, the company disclosed in an SEC Form 8-K filing on July 16, 2026. Canadian operations were not affected, according to MarketScreener.
Fairlife makes ultra-filtered milk, protein shakes, and nutrition drinks sold across the United States. The company says product quality and safety were not impacted. No ransomware group has yet claimed responsibility for the attack, according to Business Circle.
Attackers gained unauthorized access to fairlife's production-related systems in what Coca-Cola described as a ransomware event. The breach triggered a temporary suspension of all U.S. dairy production. The company immediately activated incident response and business continuity plans, according to MarketScreener.
Coca-Cola brought in outside cybersecurity experts to investigate. Law enforcement was also notified. The company is still working to determine the full scope of the attack and whether any data was stolen, according to Morningstar.
The Form 8-K filing with the U.S. Securities and Exchange Commission confirmed unauthorized third-party access to production systems. Coca-Cola has not yet confirmed whether any customer or company data was stolen. It also remains unclear whether the attack will have a material financial effect on the company, according to MarketScreener.
There are also conflicting reports about the current status of production. Some outlets say U.S. production remains suspended. Others say operations are no longer impacted. Coca-Cola has not issued a clear update on whether the production lines are running again, according to Business Circle.
Fairlife is one of Coca-Cola's fastest-growing brands. Its product line includes ultra-filtered milk, Core Power protein shakes, and nutrition drinks. Any extended production shutdown could put pressure on store shelves across the United States, according to Morningstar.
Canadian production was not disrupted. But since fairlife's U.S. facilities handle the bulk of North American output, even a brief halt could affect supply chains. Coca-Cola says quality and safety standards were maintained throughout the incident, according to MarketScreener.
As of the latest reporting, no cybercriminal group has publicly claimed credit for the ransomware attack on fairlife. That is unusual. Most major ransomware gangs post stolen data or demands quickly to pressure victims into paying. The silence leaves the motive and method unclear, according to Business Circle.
Investigators are still working to understand who carried out the attack and how deep the intrusion goes. Until that assessment is complete, Coca-Cola says it cannot confirm whether the incident will have a lasting financial impact on the company, according to Morningstar.
Publishers
11
Articles
108
Reach
119