Krispy Kreme has confirmed that a cyberattack has caused significant disruption to its online ordering system, leading to operational challenges in parts of its US operations. The doughnut chain, which operates across 36 countries, reported the breach on 29 November 2024, stating that unauthorised activity had been detected within its IT systems.
In a filing to the US Securities and Exchange Commission (SEC), Krispy Kreme revealed that while its physical stores remain operational and continue to offer in-person orders, its online services have been severely impacted. Customers in certain regions have been unable to place digital orders, and the company has notified federal law enforcement of the breach. Despite these setbacks, Krispy Kreme’s daily deliveries to retail and restaurant partners have not been affected.
Physical stores unaffected but online services disrupted
The company’s IT teams, in collaboration with third-party cybersecurity experts, have launched an investigation into the nature and scale of the attack. Efforts are ongoing to contain and mitigate the disruption, with plans to restore online ordering services as soon as possible. However, Krispy Kreme has warned that the incident could have a lasting effect on its business operations, particularly in the short term, as the recovery process unfolds.
“We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States,” the company stated on its website. “We know this is an inconvenience and are working diligently to resolve the issue.
“We immediately began taking steps to investigate, contain, and remediate the incident with the assistance of leading cybersecurity experts and other advisors. We’ll have our online ordering up as soon as we can.”
Notably, no ransomware groups have claimed responsibility for the attack, even after nearly two weeks. Despite these immediate financial challenges, Krispy Kreme is confident that the long-term impact on its overall operations and financial condition will be minimal. The company reassured investors that it does not anticipate this incident causing lasting harm to its business.
Stock market reactions to the breach were swift, with Krispy Kreme’s share price falling by 2% following the announcement of the cyberattack. The company’s 2023 revenue stood at $1.7bn, with a workforce of over 22,000 employees. Krispy Kreme operates more than 1,500 stores globally and has partnerships, including one with McDonald’s, expanding its presence across a variety of locations.
Read more: Blue Yonder ransomware attack disrupts supply chains across UK and US
