Krispy Kreme Hit By Cyberattack, Disrupting Delivery Of Online Doughnut Orders

Here are the known facts about Krispy Kreme being hit by a cyberattack, which disrupted the delivery of online doughnut orders:

Krispy Kreme detected unauthorized activity on a portion of its information technology systems on November 29, 2024.

The cyberattack has caused operational disruptions, particularly affecting the online ordering system in parts of the United States. In-person sales at Krispy Kreme's 400 US locations remain unaffected, and deliveries to retail and restaurant partners, including McDonald's, continue without interruption.

Krispy Kreme anticipates that the attack will hurt its bottom line due to the loss of revenue from disrupted online orders, costs for cybersecurity experts, and system restoration expenses.

The company immediately began steps to investigate, contain, and remediate the incident with the help of leading cybersecurity experts. Federal law enforcement has been notified, but the full scope, nature, and impact of the incident are not yet known.

Krispy Kreme has acknowledged that the cyberattack is likely to have a "material impact" on its business operations until recovery efforts are completed. Digital orders represent 15.5% of the company's sales based on their Q3 2024 financial results.

The company has cybersecurity insurance which is expected to offset a portion of the costs associated with the breach.

These facts are based on the information available from Krispy Kreme's regulatory filings and public statements as reported in various news outlets.