Hackers take a bite out of Krispy Kreme in latest cyberattack

Doughnut chain Krispy Kreme has been the victim of a cyberattack, reporting unauthorised activity on some of its information technology systems in a regulatory filing with the US Securities and Exchanges Commission (SEC).

The cyberattack has disrupted operations, including online ordering in the United States. The company added that it has initiated an investigation and is working with external cybersecurity experts to mitigate the impact.

Krispy Kreme said the expected costs related to the incident, including the loss of revenue from digital sales, are “reasonably likely to have a material impact” on its operating results.

According to Reuters, shares of the company were down about 2% in premarket trading.

James Scobey, CISO at Keeper Security, said the incident highlighted the high cost of cybersecurity breaches — not only in financial terms but also in operational disruption and the erosion of customer trust.

“The reported downtime of online ordering demonstrates how even temporary interruptions can have a significant impact on revenue and brand reputation,” he said.

To mitigate ever-present cyber risks, he added that organisations needed to adopt a proactive approach to cybersecurity.

Read more: Ransomware Gangs of 2024: The Rise of the Affiliates

“Privileged Access Management (PAM) protects systems by limiting access to sensitive assets to only essential personnel and continuously monitoring privileged accounts for unusual activity.

“Strong password management — including the enforcement of strong, unique passwords and multi-factor authentication — is a critical first line defence in preventing unauthorised access.”

He continued that the cost of implementing these proactive measures was a fraction of the expense required to recover from a breach.

“Regular security audits, employee training and vulnerability assessments help identify and address potential vulnerabilities. Cybersecurity isn’t just a technical requirement — it’s essential for organisations to ensure operational resilience and maintain customer confidence.”

While cyber experts have praised the company for responding quickly — the incident occurred in late November — Boris Cipot, a senior security engineer at Black Duck Software, added that it also highlighted how industry sectors not associated with technology should focus on improving their overall security posture.

“Every business is a software business and, therefore, a possible target for cyber attacks. Targets like Krispy Kreme are usually lucrative for cyberattacks. Improvements in the security posture should include threat detection systems that can locate a threat before it impacts operations.”