Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

No Doughnuts Today? Cyberattack Puts Krispy Kreme in a Sticky Situation

The doughnut and coffeehouse chain confirmed a cyberattack took out parts of its online ordering system in parts of the United States.

Donut and coffee retail chain Krispy Kreme on Wednesday confirmed a cyberattack led to operational disruptions of operations, including its online ordering system.

The North Carolina company posted a message on its website referencing a “cybersecurity incident” but did not share any additional details.

The incident has all the hallmarks of a data-extortion ransomware attack that forces IT departments to take sensitive computer systems offline.

Full Krispy Kreme statement:

“We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States. We know this is an inconvenience and are working diligently to resolve the issue.”

“We immediately began taking steps to investigate, contain, and remediate the incident with the assistance of leading cybersecurity experts and other advisors.”

Advertisement. Scroll to continue reading.

The company notified the Securities and Exchange Commission (SEC) of the incident in an 8-K filing that dates the incident to November 29, 2024.

“On November 29, 2024, Krispy Kreme, Inc. was notified regarding unauthorized activity on a portion of its information technology systems. The Company immediately began taking steps to investigate, contain, and remediate the incident with the assistance of leading cybersecurity experts,” the company said.

“The Company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering, and has notified federal law enforcement. As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known,” Krispy Kreme added.

The multinational company said the incident “is reasonably likely to have a material impact on the Company’s business operations until recovery efforts are completed” and noted that it has cybersecurity insurance that is expected to offset a portion of the costs of the incident.

Krispy Kreme has operations in 30 countries with a network of doughnut and coffee shops, retail partnerships and an e-commerce and delivery business.

Related: Cleo Vulnerability Exploitation Linked to Termite Ransomware Group

Related: Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day

Related: Deloitte Responds After Ransomware Group Claims Data Theft

Related: Adobe Patches Over 160 Vulnerabilities Across 16 Products

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.