The renowned doughnut chain Krispy Kreme has fallen victim to a cyberattack claimed by the Play ransomware gang. The incident, which occurred in November, significantly impacted the company’s online ordering systems across the United States.
According to a December 11 SEC filing, Krispy Kreme detected unauthorized access to its IT systems on November 29. The company immediately implemented containment measures and enlisted cybersecurity experts to investigate the breach’s scope.
The attack has particularly affected Krispy Kreme’s digital operations, which account for 15.5% of its sales. The company, which operates 1,521 shops across 40 countries and employs 22,800 people, has maintained in-store operations despite the disruption.
Play ransomware operators claim to have exfiltrated sensitive data, including confidential client documents, payroll information, accounting records, and financial data. They have threatened to publish this information on December 21 if their demands are not met.
The Play ransomware group, active since June 2022, has targeted approximately 300 organizations globally, according to a joint advisory from the FBI, CISA, and ACSC. Their notable victims include Arnold Clark, Rackspace, the City of Oakland, and Microchip Technology.
While Krispy Kreme continues its recovery efforts, the company assures customers that fresh doughnuts remain available in stores, and they are working to restore online ordering capabilities.