American doughnut giant Krispy Kreme has reported a significant cybersecurity incident that occurred on November 29, 2024, affecting its digital operations across the United States. The company, which operates 1,521 shops with 15,800 points of access and employs 22,800 people, disclosed the breach in a recent SEC filing.
The attack has primarily impacted the company’s online ordering system, though physical stores remain operational. Krispy Kreme has assured that daily deliveries to retail and restaurant partners, including its McDonald’s partnership locations, continue uninterrupted.
Digital sales, representing 15.5% of Krispy Kreme’s revenue and contributing to its 3.5% organic growth in Q3 2024, have been significantly affected. The company has engaged leading cybersecurity experts to contain and investigate the incident, though the full scope and nature of the breach remain under investigation.
Financial Impact:
– Stock price dropped 2% following the announcement
– Expected revenue loss from disrupted digital sales
– Additional costs for cybersecurity expertise and system restoration
While the specific type of cyberattack remains undisclosed, no ransomware groups have claimed responsibility for the incident. The company continues to work on recovery efforts, though no timeline for full restoration has been provided.
The incident highlights the growing vulnerability of major retail chains to cyber threats and the potential impact on their digital operations and financial performance.