Play Ransomware Group Claims Responsibility for Krispy Kreme Cyberattack
The hacking group Play has claimed responsibility for the recent cyberattack on Krispy Kreme’s network, which occurred on November 29. On their leak site, Play announced that they had exfiltrated sensitive company data, including client records, accounting and financial information, as well as tax documents.
Krispy Kreme had previously disclosed a cybersecurity incident that disrupted online orders across the United States. However, the company did not confirm whether ransomware was involved or specify which data might have been affected. Representatives stated that the scope and impact of the incident are still under investigation.
In a report to the U.S. Securities and Exchange Commission (SEC), Krispy Kreme noted that steps were being taken to mitigate the incident’s effects, including engaging external cybersecurity experts. Despite the disruptions, the company’s retail locations and supply chain operations continued functioning as usual.
The Play group has threatened to release the stolen data on December 21. This aligns with their signature double-extortion strategy, where victims face additional pressure from the threat of public data exposure.
Active since 2022, the Play group has targeted approximately 300 organizations globally, including major corporations and municipalities. Experts warn that the group’s activities are becoming increasingly extensive and are inflicting significant damage on businesses.
Krispy Kreme has yet to comment on Play’s claims, maintaining its previously issued statements. The investigation remains ongoing as the company focuses on restoring its online services.