Skip to main content
Emerging ThreatsMalware & Ransomware

Ransomware Attack Disrupts Fairlife US Dairy Production

Empty dairy production facility with idle equipment and computers.

"After detecting the issue, the Company promptly activated its incident response and business continuity protocols," Coca‑Cola said in a Form 8‑K filing with the U.S. Securities and Exchange Commission.

Coca‑Cola's SEC Form 8‑K disclosure

The Coca‑Cola Company announced that a ransomware attack affecting its Fairlife dairy subsidiary has led to unauthorized access to some Fairlife systems, including production‑related systems. The disclosure was made in a Form 8‑K filing with the U.S. Securities and Exchange Commission and states that the company's investigation is ongoing with the assistance of outside advisors and cybersecurity experts. Coca‑Cola also said it has notified law enforcement.

Production halt at Fairlife U.S. facilities

As a direct result of the incident, Coca‑Cola confirmed that production at Fairlife's U.S. facilities has been temporarily suspended while affected systems are being restored. The company said product quality and safety have not been affected by the ransomware attack. Canadian production operations, Coca‑Cola added, are not currently affected.

Status of data, extortion, and attribution

Coca‑Cola has not disclosed whether any data was stolen, whether the company is being extorted, or which ransomware operation is responsible. BleepingComputer contacted Coca‑Cola to ask whether attackers stole data, whether the company had received an extortion demand, and which ransomware gang was behind the attack; a Coca‑Cola spokesperson said the company had nothing additional to share beyond its public statement. The published report also notes that no ransomware gang has claimed responsibility at this time, and that if data was stolen, attackers will likely attempt to extort the company later by threatening to publish it unless a ransom is paid.

Coca‑Cola's immediate response and remediation steps

The company says it promptly activated incident response and business continuity protocols after detecting the unauthorized access. Coca‑Cola is working to restore affected systems and resume operations while its investigation and assessment of the incident's impact continues. In its filing the company said it has enlisted outside advisors and cybersecurity experts to assist with the assessment. Coca‑Cola also stated that, at present, it has not determined whether the cyberattack is reasonably likely to materially affect the company.

What this means for technologists, regulators, and consumers

  • Technologists and security teams: The incident highlights an active recovery process that includes incident response protocols and engagement with outside cybersecurity experts. Teams responsible for production‑related systems will be watching restoration efforts and any indicators of data exfiltration closely, since Coca‑Cola has not confirmed whether data was taken.
  • Regulators and reporting officers: The disclosure via a Form 8‑K signals that the company is treating the event as material enough to inform the SEC while it assesses broader corporate impact. Regulators and corporate compliance officers will monitor whether further disclosures follow as the investigation clarifies the scope and effects.
  • Consumers and supply chain partners: Fairlife produces Ultra‑Filtered Milk, Core Power Protein Shakes, and Nutrition Plan products sold in the United States. With U.S. production temporarily suspended, retailers and consumers may see short‑term supply effects if the suspension continues, though Coca‑Cola reports Canadian production is not affected and product safety has not been compromised.

Coca‑Cola provided channels for confidential tips about the incident, listing Signal at 646‑961‑3731 and an email, tips@bleepingcomputer.com, as points of contact in the public reporting. For now, the immediate facts are straightforward: an unauthorized access tied to a ransomware attack disrupted Fairlife's U.S. production; remediation and investigation are underway; and key questions about data theft, extortion demands, and attribution remain open. How soon those questions are answered will determine whether the operational pause becomes a short interruption or a wider corporate and market concern.

Original reporting: https://www.bleepingcomputer.com/news/security/coca-cola-says-fairlife-ransomware-attack-halts-us-dairy-production/