Overview
Fairlife, the premium dairy company and Coca-Cola subsidiary known for its ultra-filtered milk products, protein shakes, and Core Power nutrition drinks, has suspended production at its U.S. manufacturing facilities following a cyber incident. The disruption affects plants in Michigan, New York, and Arizona — the core of Fairlife's domestic production network.
The company has not disclosed the nature of the attack, but the decision to halt production suggests the incident may have impacted operational technology (OT) or manufacturing execution systems critical to plant operations.
Company Background
Fairlife is a major player in the U.S. premium dairy segment:
- Founded: 2012, as a joint venture between Coca-Cola and Select Milk Producers
- Fully acquired by Coca-Cola in 2020
- Products: Ultra-filtered milk, Core Power protein shakes, fairlife YUP! beverages, Smart Snacks
- Revenue: Retail sales surpassed $1 billion in 2022, making it one of the fastest-growing brands in Coca-Cola's portfolio
- Production footprint: Multiple large-scale processing plants across the U.S.
The Incident
Details released publicly so far are limited. Fairlife confirmed it is investigating a cyber incident that prompted the suspension of production at its U.S. operations. The company has not confirmed:
- The type of attack (ransomware, intrusion, or otherwise)
- Whether customer or employee data was accessed
- A timeline for resuming operations
The production halt follows a pattern seen in several high-profile attacks on food and beverage manufacturers, where cyber incidents can directly trigger physical operational shutdowns — either through direct OT system compromise or as a precautionary measure to contain spread.
Why Food and Beverage Is a Target
The food and agriculture sector has become an increasingly attractive target for cybercriminals and ransomware groups for several reasons:
High Disruption, High Pressure to Pay
Food manufacturers operate on tight production schedules with perishable inputs and contractual delivery obligations. Downtime translates directly to spoiled product, retailer shortfalls, and contractual penalties — creating strong pressure to restore operations quickly and potentially pay ransoms.
OT/IT Convergence
Modern food processing facilities rely on tightly integrated IT and OT systems: ERP platforms managing inventory and scheduling are increasingly connected to manufacturing execution systems (MES) and industrial control systems (ICS). Compromising the IT layer can cascade into production halts.
Supply Chain Visibility
Large brands like Fairlife are deeply embedded in national supply chains, making them high-visibility targets. A disruption at Fairlife has downstream effects on retailers, gym chains, and meal prep services that stock its products.
Precedents
- JBS Foods (2021): Ransomware by REvil forced North American beef production shutdowns; $11M ransom paid
- Dole (2023): Cyberattack disrupted salad production and caused product shortages on store shelves
- Molson Coors (2021): Ransomware disrupted brewing and shipment operations for weeks
Operational Technology Security Considerations
If the Fairlife incident follows the pattern of similar attacks on food manufacturers, the following OT/IT security considerations are likely relevant:
- Network segmentation failures: Many food processing facilities lack adequate segmentation between IT corporate networks and OT production networks, allowing lateral movement
- Legacy industrial systems: Processing equipment often runs outdated software with limited patching cycles
- Remote access exposure: COVID-era remote monitoring and management tools for OT systems expanded attack surfaces
- Backup system integrity: Whether OT configurations and historian data are backed up offline determines how quickly operations can be restored
What to Watch
- Official disclosure from Fairlife or Coca-Cola regarding the nature and scope of the incident
- Any regulatory filings (SEC 8-K from The Coca-Cola Company if material)
- Timeline for production resumption and potential supply impacts
- Whether the incident involves a known ransomware group claiming responsibility
The Fairlife incident is a reminder that cyber risk in critical food infrastructure is not theoretical — it directly affects physical production and, ultimately, consumer supply chains.