Coca-Cola-owned Fairlife has suspended production at all its US dairy facilities following a ransomware attack that compromised production-related systems. The company disclosed the incident in an SEC filing on Thursday, stating it detected unauthorized third-party access to a portion of its systems. Fairlife manufactures ultra-filtered milk and Core Power protein shakes after being fully acquired by Coca-Cola in 2020.
The company responded by immediately activating incident response and business continuity plans, bringing in external cybersecurity experts, and notifying law enforcement. While US production remains halted during the investigation, Canadian facilities continue to operate normally. Coca-Cola emphasized that the quality and safety of Fairlife products have not been compromised by the attack.
The technical scope of the breach remains unclear. The SEC filing confirms that production-related systems were affected but does not specify whether the ransomware directly impacted operational technology controlling manufacturing equipment or if production was suspended as a precautionary measure while supporting IT systems were taken offline. This distinction is significant for understanding the depth of the intrusion and the complexity of recovery efforts.
No ransomware group has publicly claimed responsibility for the attack at this time, though such claims typically emerge days after an incident if ransom negotiations fail or attackers seek to increase pressure on victims. Coca-Cola has not disclosed whether any data was stolen, how many facilities were affected, or whether customer or employee information was compromised. The company stated it has not yet determined if the attack will materially affect its financial performance.
Organizations in the food and beverage sector should review their operational technology security posture and ensure proper network segmentation between IT and OT systems. Companies should verify that incident response plans specifically address production disruptions and that business continuity procedures can maintain operations during extended system outages. Regular testing of backup and recovery capabilities for both IT and production systems is essential for minimizing downtime during ransomware incidents.heft or fraud attempts using their compromised medical and financial information.
Source: https://www.theregister.com/cyber-crime/2026/07/17/ransomware-curdles-production-at-coca-colas-fairlife-dairy-biz/5274157


