Coca-Cola on Thursday said it is investigating a ransomware attack that impacted its Fairlife dairy unit and has suspended production at the company’s U.S. production facilities.
In a filing with the Securities and Exchange Commission, the company said it trying to determine the full scope of the attack and what impact it might have on its business. Coca-Cola said the attack has had no effect on the quality and safety of its Fairlife products, which include ultra-filtered, lactose-free milk as well as protein and nutritional shakes.
Coca-Cola acquired its remaining 57% stake in Fairlife in 2020, following a joint venture with Select Milk Producers. In March, Coca-Cola announced a $650 million investment to expand its facilities in Coopersville, Mich.
Fairlife in 2023 announced plans to open a 745,000 square-foot facility in Webster, N.Y. That facility was scheduled to open this year. Fairlife surpassed $1 billion in annual retail sales starting in 2022.
Fairlife’s Canadian operations, which were not affected by the attack, will remain open.
Ongoing probe
Company officials have notified law enforcement and are working with cybersecurity experts and other outside advisers to help restore systems to normal capacity, according to Coca-Cola.
The company has not commented on who may be behind the incidents, and cybersecurity researchers have not yet seen specific claims taking credit for the attack.
The attack marks the latest cyber incident to impact the agriculture industry, which has become a more frequent target for hackers in recent years.
Officials at the Food and Agriculture Information Sharing and Analysis Center confirmed they are aware of the attack, the latest in a growing number of attacks against the industry. Officials said the sector has been hit with about 205 attacks thus far in 2026, representing about 4.9% of all attacks.
“The food and agriculture sector has been pulled into the same broad, opportunistic targeting that hits every other sector,” Scott Algeier, executive director of the Food and Ag-ISAC, said. “While some adversaries may be targeting the sector, they scan for exposed, vulnerable systems at machine speed and determine the victim’s details after initial access.”
The agriculture sector was one of several industries impacted by attacks on tank gauges, which are used by energy, chemical and other companies to store fuel and other industrial liquids.