Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter

Coca-Cola dairy subsidiary pauses operations following ransomware attack

Soft drink giant Coca-Cola has disclosed a ransomware attack impacting one of its subsidiaries.

Fri, 17 Jul 2026
Coca-Cola dairy subsidiary pauses operations following ransomware attack

The company revealed that its fairlife dairy subsidiary had been breached, leading to operations being stunted. Fairlife is a producer of protein shakes, nutrition drinks and ultra-filtered milk products.

“On July 16, 2026, The Coca-Cola Company (the ‘company’) announced that fairlife, LLC (‘fairlife’), a dairy company owned by the company, identified unauthorised access by a third party to a portion of its systems, including its production-related systems, in connection with a ransomware event,” Coca-Cola said in a Form 8-K disclosure filing with the US Securities and Exchange Commission (US SEC).

“Product quality and safety have not been impacted. However, as a result of the incident, production operations at fairlife in the United States are temporarily suspended. Fairlife’s Canada production operations are not currently impacted.”

 
 

Coca-Cola said it is currently investigating the incident and is working to restore systems that are offline. It is currently unaware of the full impact of the incident and, as such, is unable to determine whether the incident will materially impact the company.

“After detecting the issue, the company promptly activated its incident response and business continuity protocols. The company’s investigation and assessment of the impact of the incident is ongoing, with the assistance of outside advisors and cyber security experts. The company has also notified law enforcement,” the statement said.

Coca-Cola did not disclose if any data had been stolen in the incident following questioning from BleepingComputer, nor has Cyber Daily observed a threat actor taking responsibility for the incident.

Last year, a pair of threat actors claimed cyber attacks on two Coca-Cola partners.

The Everest ransomware gang claimed to have hacked the Coca-Cola Company itself in a 22 May 2025 post to its darknet leak site, stating it had the records of 959 employees, including personal data and “internal and confidential information”.

Included in the post were details that suggested that Coca-Cola was not in fact the victim, but rather its Middle Eastern bottling partner, the Coca-Cola Al Ahlia Beverages Company, headquartered in Dubai, and which trades publicly as Gulf Coca-Cola Beverages. Multiple members of the Emirati royal family are major shareholders in the company’s parent organisation, the Al Ahlia Group.

Included in the leaked post were employee details, passport scans that appear to belong to a pair of minors related to a senior executive in the company and other corporate data.

At the same time, a threat actor known as Gehenna has claimed a similar hack, this time to Coca-Cola Europacific Partners. Rather than a ransomware attack, this appears to be a straight-up data breach, with the hacker posting details of the breach to a hacking forum and selling the data to the highest bidder.

“Today, we are selling the Salesforce database of Coca-Cola Europacific Partners,” Gehenna said in their post.

According to the forum post, this breach compromised 23 million records from the company’s Salesforce database dating back to 2016, including 7.5 million Salesforce accounts, 9.5 million customer service cases, 6 million contact entries, and 400,000 product records. The total size of the data is just over 63 gigabytes.

Gehenna also claimed to “have more where that came from”.

Salesforce told Cyber Daily that its systems were secure despite the hacker’s claims.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
Tags:

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.