Fri 17 Jul 2026 / 12:37 ET
Kernel
Security 3 min read

Fairlife pauses US dairy production after ransomware incident

Coca-Cola told investors that its Fairlife unit halted US production after detecting a ransomware intrusion, while Canada operations continue.

Mara Chen-Doyle

By Mara Chen-Doyle / Staff Writer

Fairlife pauses US dairy production after ransomware incident
img: The Record

Coca-Cola’s Fairlife dairy business has temporarily stopped production in the United States after a ransomware incident, the company said in a securities filing. For customers and retailers, the immediate question is supply. For Fairlife, the problem is operational: Coca-Cola has confirmed a disruption, but has not said which systems were hit or how long the pause will last.

Fairlife detected the intrusion on Thursday, according to Coca-Cola’s filing with the US Securities and Exchange Commission. The company said it has not yet determined the full scope of the incident.

Coca-Cola said product quality and safety were not affected. It also said Fairlife’s Canadian operations were not hit by the incident.

The filing gives only the bones of the security event. Coca-Cola described it as ransomware, said an internal investigation is underway, and said law enforcement has been notified. The company did not name a ransomware crew. It also did not announce any compromise of corporate or consumer information.

That leaves several useful facts unanswered. Coca-Cola has not said whether attackers encrypted manufacturing systems, back-office systems, logistics platforms, or some mix of them. It has not said whether the attackers claimed to steal data before the production halt. It has not said whether the halt affects all US output or only specific facilities.

What Fairlife runs in the US

Fairlife’s US footprint includes plants in Michigan, New York and Arizona. The company traces its history to 1994, and the Fairlife brand began selling nationwide in 2015. Coca-Cola took full control of Fairlife in 2020.

The business is not a small side project. Fairlife said it passed $1 billion in annual retail sales in 2022. A production stoppage at that scale can ripple through distributors and stores even when the underlying cyber incident does not involve product safety.

Ransomware incidents often become public through customer disruption before companies finish their technical investigations. In this case, Coca-Cola’s filing is careful: it confirms the attack and the production pause, while leaving out the operational detail that would show how the attackers turned a network intrusion into a manufacturing problem.

Food and beverage companies remain busy targets

Fairlife is the latest food or beverage company to report a cyber disruption. Sapporo, the Japanese brewer, reported unauthorized access affecting the networks of two subsidiaries in late June. An attack on Japan’s largest refrigerated logistics company disrupted Kentucky Fried Chicken restaurants this week, according to prior reporting.

Russian dairy companies have also reported recent intrusions. United Natural Foods, a US grocery distributor, reported a cyberattack in the summer of 2025. South Africa’s largest chicken producer said a cyber incident disrupted its operations earlier that year.

The pattern is not mysterious. Food companies depend on tightly timed production, cold storage, distribution, and retail delivery. When attackers interrupt the systems behind that chain, the damage can show up as halted plants, delayed shipments, or empty shelves before anyone has a tidy incident report ready.

For now, Coca-Cola has given investors three confirmed points: Fairlife found a ransomware intrusion, US production has been suspended temporarily, and the company says its products remain safe.

This story draws on original reporting from The Record.

More Security/

view all ↗