Data Breach at Krispy Kreme: Cybersecurity Incident Impacts Online Operations

The international donut chain Krispy Kreme has reported a cybersecurity incident that resulted in “certain operational disruptions, including issues with online ordering in some regions of the United States.”

According to the company’s official filing with the U.S. Securities and Exchange Commission (SEC), unauthorized access to a portion of Krispy Kreme’s IT systems was detected on November 29. The company immediately engaged cybersecurity experts to investigate, remediate, and mitigate the incident’s impact.

Despite the challenges, Krispy Kreme stores worldwide continue to operate, and product deliveries to retail locations and restaurants remain unaffected. However, online ordering services in the United States are temporarily unavailable.

The company stated that it is actively addressing the incident’s aftermath, working to restore online ordering capabilities, and has notified federal law enforcement authorities. The full scope, nature, and consequences of the attack have yet to be determined.

In an official statement, a company spokesperson confirmed the previously disclosed details but declined to specify whether the incident involved a ransomware attack, whether employee or corporate data was compromised, or which specific processes were affected.

Nevertheless, Krispy Kreme acknowledged in its report that the incident has had, and is likely to continue to have, a significant impact on the company’s business operations until systems are fully restored.