close
close
  • February 18, 2025
Krispy Kreme reveals a cyber attack that disrupts online orders

Krispy Kreme reveals a cyber attack that disrupts online orders

International donut chain Krispy Kreme announced a security incident on Wednesday, which the company said has “caused certain operational disruptions, including online ordering in parts of the United States.”

Krispy Kreme announced the cyber attack in an 8-K filing with the SEC. The company said it was “made aware of unauthorized activity on a portion of its information technology systems” on November 29 and has taken steps to “investigate, contain and remediate the incident” with the assistance of cybersecurity experts.

The company said stores around the world are open and there is no disruption in deliveries to retail and restaurant partners, but disclosed the aforementioned disruptions in the United States.

“The company, along with its third-party cybersecurity experts, continues to work diligently to respond to the incident and mitigate its impact, including the recovery of online orders, and has notified federal law enforcement,” the company wrote. “As the investigation into the incident is still ongoing, the full extent, nature and impact of the incident are not yet known.”

When reached for comment, Krispy Kreme spokesperson Cassie Beem sent a statement repeating the language in the 8-K filing. Beem did not respond to a series of questions about whether this incident was a ransomware attack, whether hackers stole employee or company data and how exactly the incident is disrupting operations and online ordering.

Krispy Kreme said in the filing that the incident is “reasonably likely to have a material impact” on the company’s business until recovery.