Hackers find hole in Krispy Kreme Doughnuts’ cyber-security
Krispy Kreme, the popular doughnut chain, has disclosed a cyberattack that has affected its online ordering systems, primarily in the United States. The attack, which occurred in late November 2024, was only made public this week after the company filed a report with the U.S. Securities and Exchange Commission (SEC). According to the filing, the breach could have a significant impact on Krispy Kreme’s business operations, though its physical stores remain open and unaffected by the incident.
The cyberattack led to disruptions for customers trying to place orders online, particularly in certain regions of the U.S., where the company’s online ordering system was rendered inoperable. Krispy Kreme took swift action to investigate the incident and mitigate its effects, hiring cybersecurity experts to address the breach and work on restoring online services. Despite the setback, the company assured customers that physical stores were still operational, and efforts were underway to fix the issue as quickly as possible.
“We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States,” reads a message posted on the company’s website. “We know this is an inconvenience and are working diligently to resolve the issue,” it continued. Krispy Kreme also emphasized that it had acted immediately upon discovering the breach and was doing everything in its power to address the situation.
No group or individual has publicly claimed responsibility for the hack at this time, and Krispy Kreme has not provided further details about how the attack occurred or the nature of the vulnerability exploited by the hackers. However, it did note that the cyberattack would likely result in financial losses due to the disruption of digital sales and the costs associated with hiring cybersecurity experts to assist in the recovery process. The company also stated that it has cybersecurity insurance, which will help offset some of the costs related to the breach.
With more than 1,400 Krispy Kreme locations worldwide, the doughnut chain is a major player in the global market, though it remains a smaller entity in the UK, where it operates 120 stores. Despite the smaller footprint in the UK, Krispy Kreme is the largest specialty doughnut retailer in the country. The company’s operations in the U.S. and other regions were also affected by the breach, but physical stores were not disrupted, allowing customers to continue to visit and make purchases in person.
Cyberattacks have become increasingly common and damaging in 2024, targeting not only large corporations but also critical infrastructure, such as hospitals and transportation systems. This breach at Krispy Kreme highlights the growing risk businesses face from digital threats and the need for robust cybersecurity measures. Spencer Starkey, a cybersecurity expert from the firm SonicWall, commented on the rising trend of cyberattacks, noting that hackers are targeting a wide range of industries. “The proliferation of cyberattacks in 2024 shows that hackers are willing to target anything and everything,” he said. Starkey emphasized the importance of having a comprehensive cybersecurity strategy in place to mitigate the risk of such incidents.
While the breach has garnered attention in the media and among cybersecurity professionals, many social media users have made light of the situation. One user jokingly posted on X (formerly Twitter), “Anyone messing with Krispy Kreme should be jailed for life,” while another wrote, “Cybercriminals, you’ve gone too far this time.” Despite the humor, the attack has raised concerns about the growing prevalence of cybercrime and its ability to disrupt businesses of all sizes.
The cyberattack on Krispy Kreme serves as a reminder to businesses of all types that cybersecurity is a crucial aspect of operations in today’s digital age. As cybercriminals continue to evolve and develop new tactics, it is vital for companies to remain vigilant and invest in systems that can prevent, detect, and respond to such threats. Krispy Kreme’s swift action in addressing the attack and working to restore its online services demonstrates the company’s commitment to resolving the issue, but the financial implications of the breach are still unfolding.
Moving forward, Krispy Kreme will likely face challenges in rebuilding customer trust and mitigating the financial losses caused by the disruption of its digital sales channels. As the company works through the recovery process, it will also need to assess its cybersecurity infrastructure to prevent similar incidents from occurring in the future.