Coca-Cola has confirmed that its fairlife dairy brand halted US production following a cyber attack, bringing manufacturing operations to a standstill. This event severely disrupted the supply chain and highlights the rising risks associated with cyber threats targeting production facilities and operational technology (OT) environments.
Details of the Coca-Cola fairlife cyber attack
The cyber attack on fairlife, a Coca-Cola subsidiary known for its dairy products, occurred in early June 2024. The incident specifically affected fairlife’s US manufacturing operations, causing a complete halt in production. While Coca-Cola did not disclose the nature of the attack, the response and impact suggest a significant compromise of operational systems rather than traditional IT infrastructure.
Timeline and rapid escalation
- Early June 2024: Unusual activity detected in fairlife’s network.
- Within hours: Production systems across US facilities were disrupted, forcing a pause in manufacturing.
- Immediate aftermath: Coca-Cola announced the suspension of fairlife’s US production to prevent further damage and contain the incident.
At the time of reporting, there was no public confirmation about the specific malware or threat actor involved. However, the speed at which operations were halted indicates a likely ransomware attack or destructive malware targeting industrial control systems.
How the attack disrupted fairlife’s manufacturing
Fairlife operates several advanced dairy processing plants in the United States, relying on a mix of proprietary and industrial control systems to manage everything from pasteurisation to packaging. The attack appears to have directly impacted these operational technology environments, not just standard office networks. This disruption forced Coca-Cola to halt production entirely, as both safety and product quality could not be assured while systems were compromised.
The attack’s most significant impact was:
- Complete suspension of production lines across all US fairlife plants
- Potential disruption to distribution and supply chains for dairy products
- Uncertainty over the duration of the outage and recovery timeframes
While Coca-Cola has not provided an estimate for when operations will resume, the event highlights how a single cyber incident can cascade through manufacturing, logistics and retail partners, causing widespread knock-on effects.
Who is affected and what is known about the attackers
The main affected party is fairlife’s network of US manufacturing plants. Downstream, retailers and consumers may experience shortages of fairlife dairy products. No information has been disclosed about the attackers’ identity, their methods or whether any ransom demands were made. This lack of detail is common in the early stages of industrial cyber attacks, as investigations are ongoing and companies seek to limit reputational risk.
To date, there is no evidence that customer or partner data was compromised. The attack appears focused on disrupting operations rather than stealing data.
Current exploitation status and response measures
As of mid-June 2024, production at all fairlife US facilities remains on hold. Coca-Cola and fairlife are working with external cybersecurity experts to investigate the breach, restore affected systems and harden defences against further attacks. Relevant law enforcement and regulatory bodies have been notified. There has been no public statement regarding the payment of any ransom or the involvement of specific ransomware groups.
The incident is ongoing, and updates are expected as forensics progress. It is not yet clear whether the attackers exploited a specific vulnerability in fairlife’s OT systems, or if initial access was gained via phishing, compromised credentials or third-party supply chain compromise.
Why this manufacturing cyber attack matters
This cyber attack on Coca-Cola’s fairlife brand is a stark reminder of the vulnerabilities in industrial control and manufacturing environments. Attacks that impact OT can bring entire production lines to a halt, affecting not just a single company but also its suppliers, partners and end customers. For any organisation reliant on complex production systems, the event underlines the need for robust cybersecurity tailored to OT, not just IT.
Actions organisations should consider
- Review the segmentation between IT and OT networks to limit the impact of cyber attacks.
- Ensure incident response plans are specific to manufacturing and OT environments.
- Assess the resilience of supply chains in the event of similar disruptions.
Originally reported by Unknown.




