Coca-Cola revealed that it is shutting down its operations for the foreseeable future, after one of its dairy subsidiaries was targeted in a ransomware attack. The beverage-maker said its production was affected, and that operations across the United States are “temporarily suspended.”
Fairlife’s operations in Canada were not affected. Coca-Cola disclosed the incident in a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC).
“Product quality and safety have not been impacted. However, as a result of the incident, production operations at Fairlife in the United States are temporarily suspended. Fairlife’s Canada production operations are not currently impacted,” according to a statement by Coca-Cola.
READ: Taco Bell lettuce linked to parasite outbreak in five states (July 17, 2026)
“The company is working diligently to complete the investigation and restore the systems and impacted operations,” Coca-Cola continued.
Officials have not stated when the suspended production lines will return to normal operation, or if any sensitive employee or consumer data was compromised, Fox 5 reports.
Fairlife is known for its ultra-filtered milk, Core Power protein shakes and Nutrition Plan shakes. The dairy is one of Coca-Cola’s major brands, with an estimated $4 billion in sales by 2024.
Coca-Cola had completed its purchase of Fairlife from Select Milk Producers in 2020 in a deal worth roughly $7 billion, according to Bloomberg.
Key details about the attack remain unknown, including details about whether attackers exfiltrated data, whether a ransom demand has been made, and which threat actor carried out the attack, according to BleepingComputer. No ransomware group has claimed responsibility.
READ: Netflix shares drop 10% after earnings forecast disappoints investors (July 17, 2026)
Ransomware attacks on food and beverage companies can have a lasting effect. Past incidents have resulted in weeks-long disruptions to their respective production lines and empty grocery shelves. This includes a ransomware attack on United Natural Foods (UNFI), a major distributor of groceries to Whole Foods and other retailers, last year.
Ransomware is a type of malware that encrypts a victim’s data where the attacker demands for a “ransom,” or payment, in order to restore access to files and network. Typically, the victim receives a decryption key once payment is made to restore access to their files.
If the ransom payment is not made, the threat actor publishes the data on data leak sites (DLS) or blocks access to the files in perpetuity. It has become a prominent type of malware often targeting different sectors including government, education, financial, and healthcare sectors, with millions of dollars extorted worldwide every year.


