Krispy Kreme Hacked, Attackers Gain Unauthorized Access to IT Systems

Krispy Kreme, the iconic doughnut chain, has become the latest victim of a cyberattack that has disrupted its online ordering system in parts of the United States.

The company first detected unauthorized activity on its IT systems on November 29, prompting immediate action to contain and investigate the breach.

While Krispy Kreme’s physical stores remain operational and deliveries to retail and restaurant partners are unaffected, online ordering—a significant revenue stream—has been partially disabled.

This disruption has caused frustration among customers who rely on digital platforms for convenience. “I couldn’t order my usual dozen for my family breakfast,” lamented Mary Carter, a loyal customer from Texas. “It’s more than just donuts; it’s part of our routine.”

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

In a regulatory filing, Krispy Kreme acknowledged that the incident is having a “material impact” on its business operations. Digital sales account for approximately 15.5% of the company’s revenue, making this outage particularly damaging during the busy holiday season.

Analysts estimate a potential 12% dip in online sales during this period, compounded by costs associated with cybersecurity experts and system restoration efforts.

The company has engaged leading cybersecurity professionals to investigate and remediate the attack while notifying federal law enforcement.

However, the full scope and nature of the breach remain unclear as the investigation continues. Notably, no customer payment data has been reported compromised at this stage.

Krispy Kreme has emphasized its commitment to swiftly resolving the issue. “We are working tirelessly to restore our systems and ensure our customers can once again enjoy seamless online ordering,” a company spokesperson stated.

The financial implications are expected to be significant but manageable in the long term. The company holds cybersecurity insurance to offset some costs related to recovery efforts.

Despite this, Krispy Kreme’s stock price fell by 2% following news of the breach, reflecting investor concerns over the immediate impact on operations.

This incident highlights growing vulnerabilities in digital infrastructures across industries. As Krispy Kreme works to recover, experts predict increased scrutiny of its cybersecurity measures moving forward.

For now, customers can still enjoy Krispy Kreme’s offerings through in-person purchases at its 400 U.S. locations or via deliveries to grocery stores and restaurant partners like McDonald’s.

However, restoring full digital functionality remains a top priority for the company as it seeks to rebuild customer trust during this challenging time.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free