Popular doughnut chain Krispy Kreme is grappling with a cyberattack that has impacted its online ordering capabilities across parts of the United States, according to a company filing with the Securities and Exchange Commission (SEC) on Wednesday.
The unauthorized system breach, first detected on November 29, prompted an immediate investigation by the company alongside external cybersecurity experts. While physical stores remain open for in-person purchases and deliveries to third-party vendors continue uninterrupted, the digital ordering platforms are experiencing operational disruptions.
In its SEC filing, Krispy Kreme acknowledged that the incident will likely have a material impact on business operations until recovery efforts conclude. The company faces financial setbacks from lost digital sales revenue and mounting costs related to cybersecurity consultants and system restoration efforts.
The Charlotte, North Carolina-based company, which operates in 40 countries and generated $379.9 million in revenue last quarter, maintains cybersecurity insurance that is expected to offset some of the recovery expenses. As of Wednesday morning, no hacking group had claimed responsibility for the attack.
This incident adds Krispy Kreme to a growing list of retailers recently targeted by cybercriminals. Similar attacks have affected major chains including Starbucks and various supermarkets through ransomware incidents targeting their software suppliers.
The company has notified federal law enforcement about the breach and continues working to restore full functionality to its online ordering systems. While the complete scope and nature of the incident remain under investigation, Krispy Kreme maintains that it does not anticipate any long-term financial effects from the cyberattack.