Coca-Cola’s fairlife dairy business suspended U.S. production Thursday after detecting unauthorized access connected to a ransomware incident. The company said product quality and safety were unaffected.
The company operates U.S. production facilities in Coopersville, Michigan; Goodyear, Arizona; and Webster, New York. Coca-Cola said production across the United States had been suspended while restoration work continued.
The Chicago-based company produces fairlife ultra-filtered milk, Core Power protein shakes and Nutrition Plan shakes. fairlife, LLC, is a wholly owned subsidiary of The Coca-Cola Co.
In a filing with the Securities and Exchange Commission, Coca-Cola said fairlife “identified unauthorized access by a third party to a portion of its systems,” including production-related systems, in connection with a ransomware event.
Coca-Cola said it activated its incident response and business continuity protocols and brought in outside advisers and cybersecurity experts. The company also notified law enforcement.
Canadian production for fairlife remained operational. Coca-Cola said it was working to complete the investigation and restore affected systems and operations.
The disruption follows a June 2025 cyberattack on United Natural Foods that interfered with grocery ordering and distribution before the wholesaler restored its core systems.
The full scope, nature and impact remained under investigation. Coca-Cola did not identify which U.S. facilities or systems were directly compromised, when the intrusion began or when it was detected. The company also did not provide a timeline for restarting U.S. production or say whether the disruption could affect product availability.
Coca-Cola did not say whether the affected production-related systems included operational technology used to run manufacturing equipment or were limited to business information technology systems that support production.
The company has not disclosed whether data was stolen, files were encrypted or a ransom demand was received. Coca-Cola also had not determined whether the incident was reasonably likely to materially affect the company.
No ransomware group had publicly claimed responsibility as of publication, and Coca-Cola had not attributed the incident to a group or individual. The filing described the intruder only as an unauthorized third party.
The company did not respond to a request for comment by publication time.