Hackers have found a breach in Krispy Kreme Donuts’ cyber-security
Donut chain Krispy Kreme says it has been hit by a cyberattack that has disrupted its online systems.
Some customers are unable to order online as a result of the hack, which occurred in late November but has just been disclosed.
Krispy Kreme disclosed the attack in a regulatory filing with the US Securities and Exchange Commission (SEC) on Wednesday.
It said the incident was “reasonably likely” to have a “material impact” on the firm’s business operations, but clarified that brick-and-mortar shops would remain open.
“We are experiencing some operational disruptions due to a cybersecurity incident, including online ordering in some parts of the United States,” a message on the Krispy Kreme website reads.
“We know this is an inconvenience and we are working diligently to resolve this issue.”
The firm told the BBC in a statement that it had taken “immediate” steps to investigate and contain the incident and had called in cyber security experts.
“We, along with them, will continue to work diligently to respond and mitigate the impact of the incident, including the restoration of online orders,” it added.
No group has publicly claimed responsibility for the hack.
Krispy Kreme is a large chain in the US, with over 1,400 stores worldwide.
It’s small in the UK, but its 120 locations make it the largest specialty donut retailer in the country.
Krispy Kreme said in its SEC filing that it has cybersecurity insurance, which it expects to “recoup a portion of the costs.”
It said it expected these costs to arise from the loss of digital sales, the fees of experts it hired and the restoration of affected systems.
Cyber attacks this year have caused serious disruption, including to critical infrastructure hospital And transportation systems,
“The proliferation of cyberattacks in 2024 shows that hackers are willing to target anything and everything,” said Spencer Starkey of cyber-security firm SonicWall.
He added, “It is important that every business has a robust roadmap in place that can be deployed whenever an attack occurs.”
However, social media is taking the incident somewhat less seriously.
One user on X joked, “Anyone who messes with Krispy Kreme should be sentenced to life in prison.”
Another posted, “Cyber criminals, this time you went too far.”