Coca-Cola-owned dairy firm forced to shut down production due to cyber attack

City with streaks of light
Fairfield has seen its US operations halted due to the "ransomware event." (Getty Images)

A dairy firm owned by the Coca‑Cola Company has been forced to shut down its operations after a cyber attack.

Lactose‑free dairy specialist Fairlife has been hit with a ransomware attack, prompting its parent firm Coca‑Cola to suspend all of its US operations.

The Chicago‑based company has confirmed that it has notified local law enforcement authorities and that it is now conducting its own internal investigation into the breach.

The US$4 billion business added that it is assessing the attack’s impact on its operations, with help from cybersecurity experts.

Although US production has been paused, Fairlife confirmed that its Canadian business remains unaffected at this stage.

This will no doubt prove to be a significant blow to the global soft drinks giant, with Fairlife being one of its fastest‑growing brands.

Well established with a visible retail presence across its home market, the firm is known for its range of ultra‑filtered milk drinks, protein shakes and nutrition products.


Also read → Why can’t Coca-Cola sell Costa?

Commenting on the breach, Muhammad Yahya Patel, vciso and cybersecurity advisor for EMEA at Huntress, said: “What this incident reinforces is something the food and beverage sector has been warned about repeatedly: operational technology environments, the systems that run production lines, manage manufacturing processes, and control physical infrastructure, carry a fundamentally different risk profile to traditional IT.

“When those systems go down, the impact isn’t measured in data loss. It’s measured in business impact, with halted production, wasted inventory, and supply chain disruption that cascades outward fast. Ransomware groups know this. The leverage in hitting an OT environment is immediate and tangible in a way that stealing data often isn’t.”

Coca‑Cola has yet to confirm which group, if any, was behind the attack, and it remains unclear at this stage whether any data has been stolen or whether a ransom has been paid – although in a statement, the company referred to the incident as a “ransomware event.”

In a press release, the Atlanta‑based multinational said: “After detecting the issue, the Company promptly activated its incident response and business continuity protocols. The Company’s investigation and assessment of the impact of the incident is ongoing, with the assistance of outside advisors and cybersecurity experts. The Company has also notified law enforcement.

“Product quality and safety have not been impacted. However, as a result of the incident, production operations at Fairlife in the United States are temporarily suspended. Fairlife’s Canada production operations are not currently impacted.

“The Company is working diligently to complete the investigation and restore the systems and impacted operations. The full scope, nature and impacts of the incident are not yet known. Accordingly, the Company has not yet determined whether the incident is reasonably likely to materially affect the Company.”