Fairlife Halts U.S. Operations After Ransomware Attack Compromises Production Systems

Chicago-based dairy company Fairlife paused U.S. production after its systems were breached in a ransomware attack.

Fairlife, maker of ultra-filtered milk and Core Power protein shakes, is a subsidiary of the Coca-Cola Co.

The company said Thursday that the breach included parts of Fairlife’s production systems, but product quality and safety were not affected. However, “the full scope, nature and impacts of the incident are not yet known,” according to its news release. Fairlife’s production in Canada is unaffected.

The company is investigating and assessing the incident with the help of cybersecurity experts and has notified law enforcement. It’s working to restore systems and operations.

There was no update as of Friday afternoon, a Coca-Cola spokesperson said.

Fairlife was founded in 2012 and bought by Coca-Cola in 2020. It’s headquartered in the West Loop and has facilities in Michigan, Arizona, New York and New Mexico.

Fairlife’s annual retail sales exceed $3 billion, according to its website.

Companies and Chicago-area institutions have faced a number of cyberattacks.

In June, Evanston Township High School was hit with a ransomware attack that forced it to temporarily cancel summer classes, sports camps and other on-campus activities.

In May, a cyberattack on the online learning platform Canvas caused disruptions at many Illinois colleges and schools. Canvas’ temporary shutdown forced the University of Illinois Urbana-Champaign to postpone some exams and assignments.

Fairlife, the milk producer owned by Coca-Cola and based in Chicago, has temporarily halted all manufacturing across the United States following a ransomware cyberattack. The company announced the security breach on Thursday after determining that unauthorized individuals had infiltrated critical components of its production infrastructure.

The company produces ultra-filtered milk and Core Power protein beverages, which generate approximately $3 billion annually in U.S. retail sales. Despite assurances that product safety has not been compromised, Fairlife acknowledged that investigators have yet to fully understand the scope and consequences of the breach.

Fairlife issued a statement saying the “full scope, nature and impacts of the incident are not yet known.” Manufacturing at its Canadian facilities continues uninterrupted as the company pursues its investigation.

The company has engaged cybersecurity specialists to examine the breach and has reported the incident to law enforcement agencies. Restoration efforts are underway to bring systems back online and resume full operations.

As of Friday afternoon, neither Fairlife nor parent company Coca-Cola had provided a timeline for returning U.S. production to normal capacity or disclosed specific remediation measures.

Fairlife was founded in 2012 and integrated into Coca-Cola’s portfolio in 2022. The company operates its headquarters in Chicago’s West Loop and maintains production facilities in Michigan, Arizona, New York, and New Mexico.

The attack adds to a growing list of cybersecurity incidents affecting the Chicago region. Evanston Township High School fell victim to ransomware in June that disrupted summer programming, while a May attack on Canvas educational software forced the University of Illinois Urbana-Champaign to reschedule final exams and affected numerous Illinois schools.