Coca-Cola’s dairy subsidiary Fairlife has halted all U.S. production operations following a ransomware attack that breached the company’s systems, the beverage giant announced Thursday. Fairlife detected unauthorized access by a third party to a portion of its systems, including production-related infrastructure, in connection with the ransomware event.

The incident was disclosed in a Form 8-K filing with the U.S. Securities and Exchange Commission on July 16, 2026. Coca-Cola said that after detecting the breach, it promptly activated its incident response and business continuity protocols. The company has engaged outside advisors and cybersecurity experts to investigate the attack and notified law enforcement authorities.
Fairlife is one of Coca-Cola’s largest non-carbonated brands, known for its ultra-filtered milk, high-protein shakes, and nutrition drinks. The brand generated an estimated $4 billion in annual sales by 2024 and has become one of the company’s fastest-growing portfolio segments. Its Core Power protein shakes have become fixtures in gym refrigerators and convenience stores across the country.
Coca-Cola acquired full ownership of Fairlife in 2020 for approximately $7 billion from Select Milk Producers. The suspension of U.S. production is temporary, though the company has not provided a timeline for when operations will resume. Fairlife’s production operations in Canada remain unaffected by the incident.
The company emphasized that product quality and safety have not been compromised by the ransomware attack. The full scope, nature, and impacts of the incident remain under investigation, and Coca-Cola said it has not yet determined whether the cyberattack will be reasonably likely to materially affect the company’s financial performance.
At this time, Coca-Cola has not disclosed whether any customer, employee, or supplier data was accessed during the attack. No ransomware gang has publicly claimed responsibility for the incident, and the company has not identified which group may be behind the attack. It remains unclear whether the attackers have demanded a ransom.

The timing of the incident comes less than two weeks before Coca-Cola is scheduled to report its second-quarter financial results on July 28. Analysts have been assessing how the disruption could impact earnings and the company’s operational resilience. Coca-Cola shares declined slightly in extended trading following the disclosure, though the market reaction remained relatively muted.
The Fairlife attack reflects a troubling broader trend in which ransomware operators increasingly target food and beverage companies. These criminal groups have discovered that the sector’s economics favor rapid payments. Narrow profit margins in dairy and beverage manufacturing mean that even short production suspensions translate directly into significant lost revenue with limited ability to recover the output later.
Food and beverage manufacturers have become prime targets because they operate on inflexible production schedules and face immediate losses from downtime. Unlike other industrial sectors where products can be stockpiled, dairy and food products risk spoilage during any interruption. A single hour of operational downtime in the food and beverage sector can cost approximately $39,000, according to industry analysis.
This attack follows a pattern of high-profile incidents affecting major food and beverage companies. In 2021, JBS, the world’s largest meat processor, was forced to suspend operations across its U.S. and Australian facilities after a ransomware attack attributed to the Russian REvil group. The company paid an $11 million ransom to restore operations. Arizona Beverages in 2019 spent weeks processing orders manually after ransomware encrypted its systems, while food distributor UNFI disclosed a cyberattack in 2025 that disrupted 52 distribution centers and cost the company up to $400 million in lost sales.
The food and agriculture sector has experienced dramatically escalating attacks in recent years. According to the Food and Agriculture Information Sharing and Analysis Center, there were 265 ransomware attacks on the food and agriculture sector in 2025 alone, with ransomware groups targeting both the industry’s vulnerable legacy systems and increasingly sophisticated supply chain connections.
Coca-Cola said it is working diligently to complete its investigation and restore Fairlife’s production systems and operations. The company continues to assess the incident’s full impact in coordination with law enforcement and cybersecurity experts assisting with the response.

