Krispy Kreme has been hit by a cyber attack that has disrupted its online systems. Customers have been unable to complete online orders as a result of the cyber attack.
The attack initially happened at the end of November 2024, however has just been made public due to the donut retailers submitting a regulatory filing with the US Securities and Exchanges Commission (SEC).
The filing states that Krispy Kreme had been ‘notified regarding unauthorized activity’ on its IT systems. It also confirms that the company has begun the process to investigate the incident, as well as contain and mitigate the impact by employing external ‘leading cybersecurity experts. Federal law enforcement has also been notified.
Physical stores remain operational
Although the cyber attack on Krispy Kremes has interrupted online ordering, in store operations remain open and customers are able to shop safely in person.
No hacker or cyber gang has claimed responsibility for the attack. Investigations into the full scope of the incident remain ongoing and the full nature and impact of the incident are yet to be known.
Despite physical stores being the key income stream for Krispy Kreme, approximately 16% of the company's total sales come from online orders. Especially in the busy festive season this disruption is likely to affect the companies profits.
Whilst the regulatory filing confirms that Krispy Kreme doesn't anticipate long-term consequences, the immediate impact will be felt in the form of lost revenue f and costs associated with hiring cybersecurity experts to investigate and address the cyber attack.
As a result of the news, the company's stock price experienced a 2% drop.
Cyber attacks on massive corporations like Krispy Kreme serve as a stark reminder that businesses of all sizes must invest in up to date and robust cyber security practices or risk not only data breaches but significant operational interruptions.
