Coca-Cola Halted Its $6 Billion Fairlife Milk Brand After a Ransomware Attack. Food Manufacturing's Cyber Reckoning Has Arrived
Coca-Cola has suspended all US production at Fairlife, its $6bn protein-milk brand, after a ransomware attack reached the systems that run its plants. Here is why the factory floor has become food and beverage's most expensive cyber blind spot, and what operators, investors and buyers should do about it.

Coca-Cola paid a $6.1bn earnout for Fairlife in early 2025. Eighteen months later, a ransomware crew switched the brand's entire US production off in a single afternoon.
On 16 July, Coca-Cola said it found unauthorised access to part of its network, including the systems that run Fairlife's plants. It suspended US production while it investigates. Canada is still running. The company says product quality and safety are fine, that it has brought in outside cyber experts, and that it has told law enforcement. It also said the full scope of the attack is not yet known.
No ransomware group has claimed the hit. Coca-Cola has not said whether data was stolen or whether it is being asked to pay. The point for the rest of the industry is simpler: an attacker reached the factory floor, and the factory stopped.
Why Fairlife is a bad brand to lose
Fairlife is no side project. It makes ultra-filtered milk, the Yup flavoured range, and Core Power protein shakes. It is one of Coca-Cola's fastest-growing brands and passed $1bn in annual retail sales years ago. Protein is the hottest thing in the chiller right now, and Fairlife sits in the middle of it.
Coca-Cola knows what it is worth. It took full ownership in 2020, then paid that $6.1bn earnout in early 2025 as sales flew past the targets. In March 2026 it committed another $650m to add production lines at its Coopersville plant in Michigan, with a new site in New York state due to start this year. A company does not spend like that on a brand it can afford to leave offline.
The factory floor is the new target
For years, cyber risk in food meant stolen email and leaked customer data. That has changed. Attackers now go after the operational systems that run the machines, because a stopped plant creates the most pressure to pay fast.
We have seen this before. In 2021, a ransomware attack shut JBS meat plants across the US, Canada and Australia, and the meat giant paid an $11m ransom to get moving again. A Japanese food group was hit by a separate cyberattack the same week as Fairlife. Each of these hits followed the same logic: stop the line, and the clock starts working for the attacker. Food and drink makers have become prime targets, because their plants are perishable and hard to run by hand.
The ransom is the small number
The cheque to the hackers is rarely the real cost. The damage is the lost output and the empty shelves it leaves behind, as shoppers grab a rival tub because the usual one is missing.
Fairlife is chilled and dated, so lost days cannot be clawed back later the way a can of soda can. In a category growing this fast, a two-week gap on shelf is an open invitation for every protein rival to take the space. The longer the US lines stay down, the more that hidden cost climbs past anything a ransom would have been.
What buyers and boards should take from this
Three things change after an attack like this one. Cyber stops being an IT line item and becomes a board-level operational risk, sitting next to supply and commodity cost. Buyers and private equity start pricing plant security into deals, because a target with weak factory systems carries a hidden liability. And resilience spending, from backup capacity to tested recovery plans, starts to look like normal capex.
Coca-Cola will get Fairlife back. It has the cash and the expertise to recover. The lasting lesson is that the most valuable brand in your portfolio is only as strong as the software running its production line. The companies that treat that as a strategic exposure will be the ones still shipping when the next attack lands.
Strategic Insights
π Analytics & Strategic Insight
Cybersecurity has quietly become a supply-chain and M&A risk, and most food boards still treat it as an IT problem
The decision most in this industry are avoiding:
π The stopped production line is the real exposure here. A leaked customer file is embarrassing; a frozen line empties shelves and hands share to rivals in days.
π Your best brand is your most fragile one. The faster a brand grows, the more it runs on tightly linked, automated plants with almost no slack, so an outage there costs the most.
π The ransom is a rounding error next to the lost sales. Boards plan for the payment and ignore the downtime, which is where the real money goes.
Here's the full context:
β 2012: Fairlife is founded by Mike and Sue McCloskey through a partnership with Coca-Cola and dairy co-op Select Milk Producers.
β 2020: Coca-Cola takes full ownership of Fairlife, betting on ultra-filtered milk and Core Power protein shakes as protein demand climbs.
β 2021: A ransomware attack shuts JBS meat plants across three continents; JBS pays an $11m ransom. The food sector's factory-floor risk is out in the open.
β March 2026: Coca-Cola commits another $650m to expand Fairlife production, after a $6.1bn earnout in early 2025 confirmed it as a crown-jewel brand.
β Most recent: On 16 July 2026, a ransomware attack forces Coca-Cola to suspend all US Fairlife production; Canada keeps running and the full scope is still unknown.
What this means for food and beverage operators and investors:
β Treat cyber as an operational risk, not an IT cost. It belongs on the same board dashboard as commodity price and supply security.
β Price plant security into every deal. A target with weak factory systems carries a hidden liability that shows up the first time a line goes down.
β Resilience is now capex. Backup capacity and tested recovery plans protect revenue the same way a second supplier protects a commodity.
3 moves you can make this week:
1οΈβ£ Map your single points of failure. List the brands and SKUs that depend on one plant or one system, and rank them by revenue at risk.
2οΈβ£ Pressure-test one plant going dark. Run a tabletop exercise: if this site stopped today, how long until shelves empty and who takes the space?
3οΈβ£ Add cyber to your deal checklist. Before you buy or invest, review a target's factory-system security the way you review its balance sheet.
Take the Next Step
π§ Facing a decision like this in your own category?
Describe it in a few lines. Selected enquiries receive an initial strategic assessment: direction, likely scope and indicative investment range.
β Start a project enquiry
Zenith Consulting
Submit your food & beverage project enquiry.
Share your requirements. If there is a strong fit, weβll come back with an indicative investment range, project timeline and recommended strategic approach.
Reviewed by Zenith Consultingβs senior food & beverage strategy team.
Related analyses
- M&A, Investment & Valuation
Coca-Cola Couldn't Sell Costa Coffee at Half Price. Now It's Bringing In the Turnaround Firms
Coca-Cola paid $4.9bn for Costa Coffee in 2019, then tried to offload it for about $2bn and found no buyer. Now it has hired restructuring specialists and new leaders to fix the coffee chain it cannot sell.
Read analysis β - M&A, Investment & Valuation
C4 Maker Nutrabolt Files for a $1 Billion IPO. In Energy Drinks, Almost Everyone Else Sold
Nutrabolt, the maker of C4, has hired three banks for an IPO that could raise up to $1 billion. In a category where almost every big independent has been bought, going public is the road less taken.
Read analysis β - M&A, Investment & Valuation
Big Food's Regenerative Agriculture Report Card: Investors Find Fewer Hard Targets and Not One Pesticide Pledge
Investor network FAIRR scored 78 food companies with $3.3 trillion in combined sales and found regenerative agriculture targets went backward, with zero pesticide-reduction pledges. Days earlier the industry launched its first third-party verification framework, so the gap between claiming and proving is now measurable.
Read analysis β
Share it with your peers
Pass this analysis to colleagues who track the food and beverage market.
Zenith Market Intel
Need a specific food or beverage market report?
Tell us which category, region or question would be useful for your team.
Sister Publication
Also follow our Water Dispense Market Intelligence
Category analyses, operator briefings, and investor signals across the global water dispense market.