• 2 min read
Coca-Cola halts Fairlife US lines after ransomware hit
Coca-Cola says a ransomware attack on Fairlife forced a temporary halt to US dairy production, while Canadian operations remain unaffected.

Image: TechRadar
Coca-Cola has temporarily suspended Fairlife’s US production operations after a ransomware attack hit the dairy subsidiary’s systems, including production-related systems.
In an 8-K filing with the US Securities and Exchange Commission, the company said that on July 16, 2026, Fairlife identified unauthorized access by a third party as part of a ransomware incident.
Coca-Cola said it activated its incident response and business continuity procedures, brought in third-party cybersecurity experts, and notified relevant authorities. The company added that product quality and safety were not impacted.
The operational hit is currently limited by geography. According to Coca-Cola, Fairlife’s production operations in the United States are temporarily suspended, while its Canada production operations are not currently impacted. The company said it is working to restore affected systems and has not yet determined whether the incident is reasonably likely to materially affect the company.
Joseph Perry, cybersecurity researcher and advanced services lead at Arcova, told TechRadar Pro the financial consequences could rise quickly if the outage continues.

Recommended reading
EY says support system hack exposed client tax data
“Fairlife is not a minor business buried inside Coca-Cola’s portfolio. Coca-Cola generated nearly $48 billion in net revenue last year and made a $6.1 billion contingent payment tied to its acquisition of fairlife, which provides important context for the value of the operation now sitting idle.”
“With production suspended across fairlife’s US facilities, every hour can compound the financial impact through lost output, delayed shipments, recovery costs, inventory exposure and potential disruption for retailers. Coca-Cola has not yet quantified the loss, but the longer production remains offline, the more quickly a cyber incident becomes a material business event.”
The report was first noted via BleepingComputer.
Security Editor
Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.
via TechRadar


