Krispy Kreme Reports Cybersecurity Incident Impacting Online Orders

Krispy Kreme, Inc., the multinational doughnut and coffee chain with a presence in over 30 countries and more than 11,000 retail locations, has disclosed a cybersecurity incident that has disrupted its online ordering systems in parts of the United States. The company reported the breach to the U.S. Securities and Exchange Commission (SEC) on December 10, 2024, revealing that unauthorized activity was detected on its IT systems on November 29, 2024.

According to the filing, Krispy Kreme immediately initiated containment and remediation measures with the assistance of external cybersecurity experts. While the company’s physical store operations and fresh deliveries to retail and restaurant partners remain unaffected, online ordering disruptions are impacting customer convenience and revenue streams in certain areas. Federal law enforcement has been notified as part of the ongoing investigation.

“Krispy Kreme shops globally are open, and consumers are able to place orders in person, but the Company is experiencing certain operational disruptions, including with online ordering in parts of the United States. Daily fresh deliveries to our retail and restaurant partners are uninterrupted.” – Krispy Kreme

The incident is expected to have a material impact on the company’s financial performance during the recovery period. In addition to the loss of online sales, Krispy Kreme faces costs related to system restoration, expert advisory services, and other incident-related expenses. The company noted that it holds cybersecurity insurance, which should mitigate some of the financial losses. Despite these challenges, Krispy Kreme does not foresee long-term harm to its operations or financial health.

Founded in 1937 and headquartered in Charlotte, North Carolina, Krispy Kreme is known for its iconic Original Glazed® doughnuts and a broad array of coffee and dessert offerings. Its digital ordering platform has been a key part of its recent growth strategy, especially in the U.S. market, where online sales represent a significant portion of customer transactions.

As the full scope of the breach remains under investigation, Krispy Kreme is focusing on restoring online services and strengthening its cybersecurity posture to prevent future incidents. We reached out to the company for additional details but have not received a response at the time of publication.