Fairlife ransomware attack turns cyber risk into a production shutdown
Coca-Cola temporarily halted Fairlife’s US dairy production after unauthorised access reached systems connected with manufacturing operations.

Coca-Cola temporarily suspended Fairlife’s US dairy-production operations after a cyberattack reached systems connected with manufacturing. The incident shows how ransomware can move beyond stolen files and interrupt physical supply chains.
What happened
A third party gained unauthorised access to Fairlife systems associated with production. Coca-Cola activated incident-response procedures, notified law enforcement and brought in external cybersecurity specialists.
US production was paused while the company investigated and restored systems. Canadian operations remained active. Coca-Cola said product quality and safety were not affected, but it did not immediately disclose the complete scope of compromised data, the precise attack path or how long the disruption would last.
Why it matters
Manufacturing companies rely on operational technology, scheduling, quality-control and logistics systems that cannot always be restored as easily as office laptops. If those systems are connected poorly or lack tested recovery processes, a cyberattack can stop production even when the physical machinery itself is intact.
For a high-volume food business, downtime can quickly affect inventory, retailers and suppliers.
The bigger picture
Ransomware defence increasingly requires business-continuity planning, not only prevention. Manufacturers need network segmentation between corporate and production environments, offline backups, manual fallback procedures and rehearsed recovery plans.
The Fairlife incident is a reminder that the economic cost of cybercrime includes lost output and disrupted operations, not merely ransom payments or data-breach expenses. The eventual impact will depend on how quickly production resumes and whether further systems or data were compromised.
