Krispy Kreme Doughnuts Discloses Cyberattack Affecting Online Operations

Doughnut retailer Krispy Kreme has announced it experienced a cyberattack that affected its digital platforms. This incident, which took place in late November but was only recently made public, has prevented some customers in the US from placing orders online. The company disclosed the attack on Wednesday through a regulatory submission to the US Securities and Exchanges Commission (SEC). It indicated that the event was “reasonably likely” to “have a material impact” on its commercial activities, though it confirmed that its physical retail locations continue to operate. A statement on the Krispy Kreme website reads: “We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States,” adding, “We know this is an inconvenience and are working diligently to resolve the issue.” In a statement provided to the BBC, the company affirmed that it “immediately” initiated measures to examine and control the situation, and has engaged external cybersecurity specialists. The firm further stated: “We, along with them, continue to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering.” As of now, no organizations have publicly claimed responsibility for the cyber intrusion. Krispy Kreme operates as a major chain within the US, boasting over 1,400 outlets globally. While its presence in the UK is comparatively smaller, its 120 establishments position it as the leading specialty doughnut vendor in that nation. In its SEC submission, Krispy Kreme confirmed that it possesses cybersecurity insurance, anticipating it “to offset a portion of the costs.” The company projected these expenses would stem from diminished online revenue, charges for the engaged experts, and the recovery of affected systems. Throughout 2024, cyberattacks have led to significant disruptions, affecting critical infrastructure such as healthcare facilities and transportation networks. Spencer Starkey, associated with the cybersecurity company SonicWall, remarked: “The proliferation of cyberattacks in 2024 shows that hackers are willing to target anything and everything.” He further emphasized, “It’s vital every single business has a robust roadmap in place to deploy if and when an attack happens.” Nevertheless, the incident has been met with a somewhat less serious reaction on social media platforms. On X, one user humorously commented, “Anyone messing with Krispy Kreme should be jailed for life,” while another posted, “Cybercriminals, you’ve gone too far this time.” Copyright 2024 BBC. All rights reserved. The BBC disclaims responsibility for the content of external websites. Information regarding its approach to external linking is available.