Popular doughnut chain Krispy Kreme is grappling with the aftermath of a cyberattack that has disrupted its online ordering systems and operations across parts of the United States.
The company discovered unauthorized activity on its IT systems on November 29, prompting an immediate investigation with external cybersecurity experts. While physical stores remain open for in-person purchases, the cyber incident has severely impacted the company's digital sales channels.
In a filing with the Securities and Exchange Commission (SEC) on Wednesday, Krispy Kreme acknowledged that the attack will likely have substantial financial consequences due to lost digital revenue, cybersecurity consultation fees, and system restoration costs. The company maintains cyber insurance that will partially offset these expenses.
Despite the online disruptions, Krispy Kreme's daily fresh deliveries to retail partners and restaurants continue unaffected. The company has placed alerts on its website informing customers about the temporary suspension of online ordering while encouraging in-store visits.
No specific hacking group has claimed responsibility for the attack as of Wednesday. The incident adds Krispy Kreme to a growing list of targets recently targeted by cybercriminals, including Starbucks and several grocery chains affected by ransomware attacks.
The company's stock price dropped approximately 3% following the news, contributing to a 35% decline in value over the past year. Krispy Kreme has notified federal law enforcement and continues working to restore its affected systems, though no timeline for full recovery has been provided.
The doughnut maker, which reported revenue of $379.9 million last quarter, remains focused on maintaining regular store operations while its technical teams work to resolve the security breach and restore normal digital services.