Coca-Cola halted Fairlife production in the US — ransomware reached the factory floor
Coca-Cola temporarily suspended production at its Fairlife dairy brand in the United States after a ransomware attack hit systems connected to production. Canadian operations were not affected.
Not a breakdown, not a strike: a cyberattack stopped the lines. Coca-Cola told US regulators on Thursday that Fairlife, its milk and protein-drinks brand, has temporarily suspended production in the United States after ransomware reached company systems — including ones tied to production.
What happened at Fairlife?
According to the filing submitted to the SEC, Fairlife identified unauthorised third-party access to a portion of its systems as part of a ransomware event. The response followed the playbook: incident-response and business-continuity protocols activated, outside cybersecurity experts brought in, and whatever needed unplugging got unplugged — with US production pausing in the process. Canadian operations were not affected, and the company says product quality and safety are not at risk.
Markets reacted the way markets do: Coca-Cola shares slipped during the session as investors tried to price how long the stoppage might last — the investigation is ongoing and no restart date has been announced. The official document is in the SEC’s archive.
Why does this matter beyond milk?
Because it confirms the year’s trend: ransomware has moved on from stealing data to stopping factories. Hitting production systems is now the fastest way to turn an IT problem into an empty-shelf problem — the same pattern we saw when an autonomous AI agent ran a ransomware attack end to end. For a consumer-goods giant, every idle day is money that never comes back.
Fairlife has been one of Coca-Cola’s recent growth engines in the US. When the target is the engine, the attack is never small.
By Beatriz Mota
Image: Alex Proimos from Sydney, Australia / Wikimedia Commons (CC BY 2.0)