Krispy Kreme has revealed that the data breach resulting from the ransomware attack that targeted the company in late 2024 impacted more than 161,000 people.
The donut and coffee retail chain disclosed the cyberattack, which led to operational disruptions, on December 11. The Play ransomware group later took credit for the attack, claiming to have stolen corporate documents and personal information.
The hackers allegedly stole 184 Gb of data, which they leaked on their website after Krispy Kreme likely refused to pay a ransom.
The company recently started sending out notification letters to the people whose information was stolen in the attack, pointing out that a majority are current and former employees and their families.
Krispy Kreme has approximately 20,000 employees and the company informed the Texas Attorney General that nearly 7,000 Texans are affected.
The donut chain has informed the attorney generals in several states about the data breach, but in most cases it did not have to provide information on the total number of impacted individuals.
However, in the case of the Maine Attorney General, which requires companies to share the total number of people affected by a data breach, it revealed that 161,676 individuals are affected.
Krispy Kreme’s investigation showed that information such as name, date of birth, Social Security number, driver’s license or state ID number, financial account information, payment card information, passport number, digital signature, email address and password, biometric data, US military ID number, and medical and health information was compromised.
The company said the losses caused by the incident exceeded $11 million in fiscal 2024, and they are expected to increase in 2025.
Related: Chain IQ, UBS Data Stolen in Ransomware Attack
Related: Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People
Related: Swedish Truck Giant Scania Investigating Hack
Related: Zoomcar Says Hackers Accessed Data of 8.4 Million Users
