logo

Krispy Kreme cybersecurity incident disrupts online ordering

Popular US doughnut chain Krispy Kreme has been having trouble with its online ordering system as well as digital payments at their brick-and-mortar shops since late November, and now we finally know why: an 8-K report filed with the US Securities and Exchange Commission (SEC) has revealed that the company has suffered a “cybersecurity incident”.

The company was notified about unauthorized activity on a portion of its information technology systems on November 29, 2024, and began to investigate and remediate the incident “with the assistance of leading cybersecurity experts.”

The nature of the attack has not been revealed but the company is “experiencing certain operational disruptions, including with online ordering in parts of the United States.”

Whether the online ordering system was interfered with by attackers or was preventatively shuttered by the company is unknown.

The company made sure to note that deliveries to retail points and restaurant partners continue uninterrupted, and that the former are open and consumers can place orders in person.

The impact on the company’s bottom line

“As of [December 11, 2024], the incident has had and is reasonably likely to have a material impact on the Company’s business operations until recovery efforts are completed,” Krispy Kreme stated.

“The expected costs related to the incident, including the loss of revenues from digital sales during the recovery period, fees for our cybersecurity experts and other advisors, and costs to restore any impacted systems, are reasonably likely to have a material impact on the Company’s results of operations and financial condition.

Krispy Kreme has cybersecurity insurance, which is expected to offset a portion of the costs of the incident, they noted, and said they don’t expect the incident to have a long-term material impact on the results of the company’s operations and on its general financial condition.


Free security scan for your website