Krispy Kreme suffers hack attack

Krispy Kreme, the dispenser of delectable doughnuts, says that it suffered a cyber attack at the end of last month which saw its IT systems compromised and has disrupted online orders in parts of the United States.

In a mandatory SEC filing, the company explained that it became aware of "unauthorised activity on a portion of its IT systems" on November 29 2024.

Two weeks later, the security breach continues to have an impact on the company's operations, and Krispy Kreme warns that the cyber attack "is reasonably likely to have a material impact on the Company’s business operations until recovery efforts are completed."

Die-hard doughnut fans reported that some stores had been temporarily closed, and that some were only accepting cash payments.

The iconic American brand which has been serving up melt-in-your-mouth doughnuts since 1937 says that its over-the-counter sales are not impacted, but some visitors to Krispy Kreme's website have been told their favourite variety of doughnuts are not available for purchase online.

Inevitably the breaking news of the cyber attack against Krispy Kreme has been impossible for internet wags to resist, with some referring to "security holes" or asking how much "dough" the hackers are demanding in ransom.

The nature of the security breach has not been shared in any detail, but there will inevitably be strong suspicions that Krispy Kreme has indeed suffered a ransomware attack

Additionally, it's likely the timing of the attack will raise eyebrows. The United States was celebrating its Thanksgiving holiday on November 28th, and it is not unusual for hackers to strike when they believe that there will be fewer IT security staff monitoring systems, and less in the way of resource to respond promptly to a cybersecurity incident.

At the time of writing there has been no confirmation from Krispy Kreme as to whether any information associated with its customers, including those who have made online orders in the past, might have fallen into the hands of cybercriminals.

Krispy Kreme says that it has cybersecurity insurance, which it expects can be used to offset a portion of the costs associated with the attack. The company has confirmed that it has called in external cybersecurity expertise to assist it in its response to the security breach.