Krispy Kreme Cyberattack Alert | Latest Update

tates,” the company said. “We know this is an inconvenience and are working diligently to resolve the issue. We immediately began taking steps to investigate, contain and remediate the incident with the assistance of leading cybersecurity experts and other advisers. We’ll have our online ordering up as soon as we can. Our fresh donuts are available in our shops as always. Additionally, many of you may also visit your nearest grocery or convenience store to enjoy our donuts.”

Krispy Kreme is actively addressing a recent cyberattack that impacted its operations, particularly online ordering. The company, based in Charlotte, NC, shared details of the IT systems breach in a filing with the Securities and Exchange Commission on December 10th, revealing that the incident took place at the end of November.

Following unauthorized activity on a portion of its information technology systems, Krispy Kreme immediately took steps to look into, limit, and resolve the breach in collaboration with cybersecurity experts. While Krispy Kreme shops worldwide remain open for in-person orders, some operational disturbances, notably with online ordering in certain U.S. regions, are being experienced. Nonetheless, there has been no interruption in the daily fresh deliveries to retail and restaurant partners.

The company has engaged federal law enforcement to investigate the security breach further, with ongoing efforts led by external cybersecurity professionals to handle and diminish the impact of the incident, including restoring online ordering services. Although the full extent and implications of the breach are not yet fully understood.

In the U.S. alone, Krispy Kreme operates 8,018 access points, which consist of various shop formats, including Hot Light Theater Shops, Fresh Shops, and Delivered Fresh Daily (DFD) branded donut cabinets in prominent locations such as grocery stores, convenience stores, and quick-service restaurants.

Despite the cybersecurity incident, Krispy Kreme reported a 2.5% organic revenue growth in the third quarter of fiscal 2024, thanks to an increase in access points and digital channel revenue. With digital sales accounting for 15.5% of global donut shop sales in the same period, up from 12.6% the previous year, the digital platform has proven to be a significant growth driver for the company.

To keep customers informed about the situation, Krispy Kreme shared a message on its website acknowledging the operational disruptions caused by the cyberattack. The company expressed its commitment to resolving the issue promptly and highlighted that fresh donuts are readily available in their shops. Customers are also encouraged to find Krispy Kreme products in nearby grocery or convenience stores.

While the cyber incident may impact business operations and financials until full recovery is achieved, Krispy Kreme is working tirelessly to address the issue. The company expects costs associated with the breach to have a material impact on its financials, including lost revenues from digital sales during the recovery phase. Nevertheless, with cybersecurity insurance in place to offset certain costs, Krispy Kreme reassures stakeholders that the incident is not expected to have a long-term material effect on its financial standing.