Krispy Kreme, the popular doughnut chain, has disclosed that it was hit by a cyberattack in late November. The incident has disrupted the company’s online ordering systems in parts of the United States. Customers have reported being unable to place orders through the Krispy Kreme website due to the hack.
The company revealed the attack in a regulatory filing with the US Securities and Exchange Commission (SEC) on Wednesday. In the filing, Krispy Kreme stated that the incident is “reasonably likely” to “have a material impact” on its business operations. However, the company clarified that its brick-and-mortar shops remain open for business.
A message on the Krispy Kreme website reads, “We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States. We know this is an inconvenience and are working diligently to resolve the issue.”
The company said it took immediate steps to investigate and contain the incident and has brought in cybersecurity experts to assist in the response and mitigation efforts.
Cyberattack disrupts online orders
This includes working to restore the affected online ordering systems. As of now, no groups have publicly claimed responsibility for the cyberattack on Krispy Kreme. The company, which has more than 1,400 shops worldwide, including 120 locations in the UK, is a significant player in the specialty doughnut market.
Krispy Kreme’s SEC filing mentioned that it has cybersecurity insurance, which it expects will offset a portion of the costs associated with the incident. These costs are expected to arise from the loss of digital sales, fees for the hired experts, and the restoration of impacted systems. Cybersecurity experts, such as Spencer Starkey from SonicWall, emphasize the importance of businesses having robust plans in place to respond to cyberattacks.
Starkey noted that the proliferation of such incidents in 2024 demonstrates that hackers are willing to target any organization. Meanwhile, social media users have taken a more lighthearted approach to the news, with some jokingly calling for severe punishments for anyone who messes with Krispy Kreme and others expressing disbelief that cybercriminals would target the beloved doughnut chain.
