Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Krispy Kreme. Show all posts
US Federal Agencies
Cyber Attacks Krispy Kreme US Federal Agencies

Krispy Kreme Confirms Cyberattack Affected Over 160,000 People

 



Popular U.S.-based doughnut chain Krispy Kreme has confirmed that a cyberattack last year compromised the personal data of more than 160,000 individuals.

According to a notification filed with the Maine Attorney General's Office, the company stated that the breach took place in late November 2024. However, affected individuals were informed only in May 2025, after the company completed its internal investigation.

In letters sent to those impacted, Krispy Kreme explained that while they currently have no evidence of misuse, sensitive data may have been accessed during the breach. The company has not publicly confirmed all the types of information that were exposed, but a separate disclosure in Massachusetts revealed that documents containing Social Security numbers, banking details, and driver's license information were among those compromised.

Further updates posted on Krispy Kreme's official website in June added that other personal records may have also been involved. These include medical and health data, credit card numbers, passport details, digital signatures, and even login credentials for financial and email accounts. The extent of exposure varied depending on the individual.

The breach first came to light on November 29, 2024, when Krispy Kreme discovered unusual activity on its internal systems. The incident disrupted its online ordering services and was reported in a regulatory filing on December 11. To manage the situation, the company brought in independent cybersecurity specialists and took steps to secure its systems.

While the company has not commented on the source of the attack, a ransomware group known as “Play” claimed responsibility in late December. The group has a history of targeting organizations around the world and is known for stealing data and demanding ransom by threatening to publish stolen information online—a tactic known as double extortion. However, their claims about the stolen data have not been verified by Krispy Kreme.

The Play ransomware operation has been linked to hundreds of cyberattacks globally, including incidents involving governments, corporations, and local authorities. U.S. federal agencies, along with international partners, issued a security advisory in late 2023 warning organizations about the group’s growing threat.

Krispy Kreme, which operates in over 40 countries and runs thousands of sales points including through a partnership with McDonald’s is continuing to investigate the full impact of the incident. The company is urging those affected to stay alert for signs of identity theft and take steps to protect their financial and personal accounts.

Read more »
Subscribe to: Posts (Atom)