The fragility of industrial supply chains is once again on display as a ransomware attack strikes Fairlife, the dairy subsidiary of The Coca-Cola Company. The breach has forced a temporary suspension of all manufacturing operations across the United States.
Production Systems Compromised
In a Form 8-K filing with the SEC, Coca-Cola disclosed that an unauthorized third party gained access to a portion of Fairlife's systems, specifically targeting production-related infrastructure. This intrusion effectively sidelined the manufacturing of ultra-filtered milk and protein shakes, creating a significant operational gap in the US market.
Interestingly, the company noted that Canadian operations remain unaffected. This suggests a level of network isolation between regional hubs that prevented the ransomware from spreading globally, limiting the damage to US-based facilities.

Coca-Cola plans dairy plant near Rochester for Fairlife brand — https://www.nydailynews.com/2023/05/09/coca-cola-to-build-northeasts-largest-dairy-plant-near-rochester-for-fairlife-products/
Incident Response and Food Safety
Upon detection, Coca-Cola triggered its business continuity protocols and engaged third-party cybersecurity experts to assess the breach. Law enforcement agencies have also been notified as part of the forensic investigation.
A primary concern in food-industry cyberattacks is product tampering or contamination. However, Coca-Cola has explicitly stated that product quality and safety have not been affected, indicating that the attack targeted administrative or operational control systems rather than the physical production parameters.

Coke-Owned Fairlife Milk Is Soda Giant’s Fastest Growing Brand - Bloomberg — https://www.bloomberg.com/news/features/2025-02-10/coke-owned-fairlife-milk-is-soda-giant-s-fastest-growing-brand
The Extortion Gap and Financial Outlook
Despite the operational shutdown, there is currently a lack of information regarding the perpetrators. No ransomware group has claimed responsibility, and Coca-Cola has not confirmed if data was stolen or if a ransom demand was made. As noted by BleepingComputer, this often precedes a double-extortion attempt where attackers threaten to leak sensitive data.
From a financial perspective, the company has not yet determined if the disruption will materially affect its overall bottom line. Nevertheless, the temporary loss of a billion-dollar brand's production capacity underscores the high stakes of operational technology (OT) security.
