Popular U.S.-based doughnut chain Krispy Kreme has confirmed that a cyberattack last year compromised the personal data of more than 160,000 individuals.
According to a notification filed with the Maine Attorney General's Office, the company stated that the breach took place in late November 2024. However, affected individuals were informed only in May 2025, after the company completed its internal investigation.
In letters sent to those impacted, Krispy Kreme explained that while they currently have no evidence of misuse, sensitive data may have been accessed during the breach. The company has not publicly confirmed all the types of information that were exposed, but a separate disclosure in Massachusetts revealed that documents containing Social Security numbers, banking details, and driver's license information were among those compromised.
Further updates posted on Krispy Kreme's official website in June added that other personal records may have also been involved. These include medical and health data, credit card numbers, passport details, digital signatures, and even login credentials for financial and email accounts. The extent of exposure varied depending on the individual.
The breach first came to light on November 29, 2024, when Krispy Kreme discovered unusual activity on its internal systems. The incident disrupted its online ordering services and was reported in a regulatory filing on December 11. To manage the situation, the company brought in independent cybersecurity specialists and took steps to secure its systems.
While the company has not commented on the source of the attack, a ransomware group known as “Play” claimed responsibility in late December. The group has a history of targeting organizations around the world and is known for stealing data and demanding ransom by threatening to publish stolen information online—a tactic known as double extortion. However, their claims about the stolen data have not been verified by Krispy Kreme.
The Play ransomware operation has been linked to hundreds of cyberattacks globally, including incidents involving governments, corporations, and local authorities. U.S. federal agencies, along with international partners, issued a security advisory in late 2023 warning organizations about the group’s growing threat.
Krispy Kreme, which operates in over 40 countries and runs thousands of sales points including through a partnership with McDonald’s is continuing to investigate the full impact of the incident. The company is urging those affected to stay alert for signs of identity theft and take steps to protect their financial and personal accounts.
Swiss financial institution UBS has confirmed that some of its employee data was compromised and leaked online due to a cybersecurity breach at one of its external service providers. The incident did not impact client information, according to the bank.
The breach came to light after reports surfaced from Swiss media suggesting that data belonging to roughly 130,000 UBS staff members had been exposed online for several days. The compromised records reportedly include employee names, job titles, email addresses, phone numbers, workplace locations, and spoken languages.
UBS stated that it responded immediately upon learning of the breach, taking necessary steps to secure its operations and limit potential risks.
The cyberattack did not directly target UBS but rather a company it works with for procurement and administrative services. This supplier, identified as a former UBS spin-off, confirmed that it had been targeted but did not specify the extent of the data breach or name all affected clients.
A threat group believed to be behind the breach is known for using a form of cyber extortion that involves stealing sensitive data and threatening to publish it unless a ransom is paid. Unlike traditional ransomware attacks, this group reportedly skips the step of encrypting files and focuses solely on the theft and public exposure of stolen information.
So far, only one other company besides UBS has confirmed being impacted by this incident, though the service provider involved works with several major international firms, raising concerns that others could be affected as well.
Cybersecurity experts warn that the exposure of employee data, even without customer information can still lead to serious risks. Such data can be misused in fraud, phishing attempts, and impersonation scams. In today’s digital age, tools powered by artificial intelligence can mimic voices or even create fake videos, making such scams increasingly convincing.
There are also fears that exposed information could be used to pressure or manipulate employees, or to facilitate financial crimes through social engineering.
This breach serves as a reminder of how cyber threats are not limited to the primary organization alone. When suppliers and vendors handle sensitive internal information, their security practices become a critical part of the larger cybersecurity ecosystem. Threat actors increasingly target third-party providers to bypass more heavily secured institutions and gain access to valuable data.
As investigations continue, the focus remains on understanding the full scope of the incident and taking steps to prevent similar attacks in the future.
People planning their holidays are now facing a sneaky online threat. Cyber experts have discovered that hackers are building fake travel websites that closely resemble popular booking platforms. These websites are designed to fool people who are searching for vacation deals.
Imitation Websites Can Fool You
Researchers from HP Wolf Security have found that cyber attackers are copying the design of trusted travel sites, such as Booking.com. The fake pages use the same colours, logos, and overall style as the real ones, making it very difficult for most people to spot the difference.
However, there is a key warning sign. The information on these fake sites appears blurry or unclear. On top of this blurred page, a pop-up message shows up asking you to accept cookies.
Most internet users are familiar with cookie permission requests. Accepting cookies is normally safe and helps websites remember your settings. But in this scam, clicking on the cookie button secretly starts downloading harmful files.
What Happens When You Click?
When someone clicks to accept the cookies on these fake sites, a dangerous file is immediately downloaded to their computer. This file installs a type of harmful program known as a remote access trojan, or RAT.
The specific malware used in this case is called XWorm. Once installed, this program gives hackers full control over the device. The attackers can view your personal files, turn on your camera or microphone, shut down your security software, install other harmful programs, and steal important information such as passwords.
Why Holidaymakers Are Being Targeted
The security team noticed that this scam began spreading in early 2025. This period is when many people are busy planning summer trips and are more likely to click quickly without checking details carefully.
Experts also explained that because cookie banners have become a normal part of browsing, many people automatically click to accept without stopping to think. Hackers are using this habit to spread their malware more easily.
How to Protect Yourself
The most important way to stay safe is to slow down when browsing travel websites. Always check the web address carefully to make sure you are on the official website. Be extra careful if the page looks blurry, or if the cookie pop-up seems strange.
Take your time before clicking anything. Do not rush when making bookings, even if you feel excited or pressured. Scammers depend on people clicking too quickly.
Being careful and paying attention can help keep you safe from these kinds of online traps. Always verify the website before you move forward.