Coca-Cola Suspends US Fairlife Milk Production Following Ransomware Cyberattack

Coca-Cola says unauthorized access to Fairlife's production-related systems prompted a temporary halt to U.S. operations as investigators work to determine the scope of the ransomware incident.
Published: 7/17/2026, 10:46:33 PM EDT
Coca-Cola Suspends US Fairlife Milk Production Following Ransomware Cyberattack
Coca-cola soda on display during a preview of a new Walmart Super Center prior to its opening in Compton, Calif., on Jan. 10, 2017. (Mike Blake/Reuters)

The Coca-Cola Company has temporarily suspended Fairlife milk production across the United States after discovering unauthorized access to portions of the dairy brand's computer systems in what the company believes was a ransomware attack.

In a statement issued July 16, Coca-Cola said Fairlife identified "unauthorized access by a third party to a portion of its systems, including its production-related systems," in connection with a ransomware event.

The company said it immediately activated its incident response and business continuity protocols after detecting the intrusion, launched an investigation with outside cybersecurity experts, and notified law enforcement.

"The full scope, nature and impacts of the incident are not yet known," the company said in the statement.

The cyberattack has prompted a temporary suspension of Fairlife's U.S. production operations while the investigation continues. Coca-Cola said the disruption is limited to the United States, and that Fairlife's production facilities in Canada remain operational.

Despite the operational disruption, Coca-Cola said the incident has not affected the safety or quality of Fairlife products.

"Product quality and safety have not been impacted," the company said, adding that it is "working diligently to complete the investigation and restore the systems and impacted operations."

The company has not disclosed when the breach occurred, how the attackers gained access, or whether any customer or employee information was compromised. It also has not said when U.S. production is expected to resume.

According to the FBI, ransomware is a form of malicious software, or malware, that prevents victims from accessing computer files, systems, or networks while demanding payment to restore access.

The agency says ransomware can spread after a user opens a malicious email attachment, clicks an infected link or advertisement, or visits a compromised website. Once installed, the malware can lock or encrypt data across individual computers and networked systems, often disrupting normal business operations.

“Most of the time, you don’t know your computer has been infected. You usually discover it when you can no longer access your data or you see computer messages letting you know about the attack and demanding ransom payments,” the description reads.

Fairlife, headquartered in Chicago, produces ultra-filtered milk, protein shakes, and nutrition products. Coca-Cola acquired the remaining stake in the dairy company from Select Milk Producers in 2020, giving the beverage company full ownership after first purchasing a minority interest in 2012.
Since then, Fairlife has become one of Coca-Cola's fastest-growing businesses, generating more than $3 billion in annual retail sales and expanding beyond traditional dairy into protein-focused beverages.

Coca-Cola said its investigation remains ongoing and that it will continue working with cybersecurity specialists and law enforcement as it seeks to restore affected systems and resume normal production.