Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

No Doughnuts Today? Cyberattack Puts Krispy Kreme in a Sticky Situation

The doughnut and coffeehouse chain confirmed a cyberattack took out parts of its online ordering system in parts of the United States.

Donut and coffee retail chain Krispy Kreme on Wednesday confirmed a cyberattack led to operational disruptions of operations, including its online ordering system.

The North Carolina company posted a message on its website referencing a “cybersecurity incident” but did not share any additional details.

The incident has all the hallmarks of a data-extortion ransomware attack that forces IT departments to take sensitive computer systems offline.

Full Krispy Kreme statement:

“We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States. We know this is an inconvenience and are working diligently to resolve the issue.”

“We immediately began taking steps to investigate, contain, and remediate the incident with the assistance of leading cybersecurity experts and other advisors.”

The company notified the Securities and Exchange Commission (SEC) of the incident in an 8-K filing that dates the incident to November 29, 2024.

“On November 29, 2024, Krispy Kreme, Inc. was notified regarding unauthorized activity on a portion of its information technology systems. The Company immediately began taking steps to investigate, contain, and remediate the incident with the assistance of leading cybersecurity experts,” the company said.

Advertisement. Scroll to continue reading.

“The Company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering, and has notified federal law enforcement. As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known,” Krispy Kreme added.

The multinational company said the incident “is reasonably likely to have a material impact on the Company’s business operations until recovery efforts are completed” and noted that it has cybersecurity insurance that is expected to offset a portion of the costs of the incident.

Krispy Kreme has operations in 30 countries with a network of doughnut and coffee shops, retail partnerships and an e-commerce and delivery business.

Related: Cleo Vulnerability Exploitation Linked to Termite Ransomware Group

Related: Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day

Related: Deloitte Responds After Ransomware Group Claims Data Theft

Related: Adobe Patches Over 160 Vulnerabilities Across 16 Products

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.