The Coca-Cola Company disclosed on July 16, 2026 that its Fairlife dairy subsidiary suffered a ransomware attack that temporarily suspended all US production operations. The disclosure was made via a Form 8-K filing with the SEC — the mandatory "material event" disclosure used when a cybersecurity incident may have material financial impact.
Fairlife, LLC — acquired by Coca-Cola in 2020 — produces Ultra-Filtered Milk, Core Power high-protein shakes, and Nutrition Plan beverages, representing an estimated $4 billion in annual sales.
What Happened
Coca-Cola confirmed that a third party obtained unauthorized access to a portion of Fairlife's systems, including production-related systems, in connection with a ransomware event. Upon detection:
- Incident response and business continuity protocols were immediately activated
- External cybersecurity experts and outside advisors were engaged
- Law enforcement was notified
- All US Fairlife production operations were temporarily suspended
Canadian production was not impacted. Coca-Cola stated that product quality and safety have not been compromised.
Threat Actor
No ransomware group has publicly claimed responsibility as of July 16, 2026. Coca-Cola has not disclosed which threat actor is behind the attack, whether a ransom was demanded, or whether data exfiltration occurred. BleepingComputer contacted Coca-Cola directly and received no additional details beyond the public SEC filing.
Given standard ransomware extortion playbooks, a ransom demand and potential data leak threat may follow if negotiations fail.
Business Impact
The timing compounds Coca-Cola's exposure:
- Q2 2026 earnings are scheduled for July 28, 2026 — less than two weeks from disclosure
- Fairlife products are among Coca-Cola's fastest-growing North American brands
- Inventory depletion timelines depend on how long the production halt lasts; prior ransomware attacks on food manufacturers (Arizona Beverages in 2019, UNFI) caused disruptions lasting weeks with downstream retail shelf impacts
The company stated it "has not yet determined whether the incident will have a material financial impact," which is the standard 8-K qualifier while investigation is ongoing.
Context: Ransomware Against Food and Beverage
The Fairlife attack follows a pattern of ransomware actors targeting operational technology (OT) environments in food manufacturing, where production downtime creates immediate financial pressure and accelerates ransom negotiation timelines. High-profile precedents include:
- JBS Foods (2021) — world's largest meat producer; paid $11M USD ransom after US and Australian plant shutdowns
- Dole (2023) — North American operations disrupted; fresh vegetables recalled from stores
- Pilgrim's Pride (2020) — chicken processing disrupted across multiple US plants
The food and beverage sector is frequently targeted due to OT/IT convergence vulnerabilities, thin IT security budgets relative to revenue, and high consumer and supply chain visibility that intensifies public pressure.
What to Watch
- Whether a ransomware group claims responsibility and what data — if any — was exfiltrated
- Fairlife production resumption timeline and downstream retail availability
- Coca-Cola's Q2 2026 earnings call on July 28 for financial impact assessment
- Whether any SEC cyber disclosure rules trigger additional mandatory filings