Doughnut chain Krispy Kreme says cyber attack resulted in operational disruptions

U.S. doughnut chain Krispy Kreme said it experienced a major cyber attack that forced it to take several systems offline and resulted in operational disruption.

 

Headquartered in Charlotte, North Carolina, Krispy Kreme is an American multinational doughnut company and coffeehouse chain. With more than 1,500 shops, the company partners with McDonalds to offer its products at several other locations.

 

In a filing with the U.S. Securities and Exchange Commission, Krispy Kreme said that on November 29, it was notified about an unauthorised activity in portions of its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The Company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering, and has notified federal law enforcement.

 

“As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known,” reads the filing.

 

While Krispy Kreme shops are open globally, the cyber security incident created certain operational disruptions, such as a delay in taking online orders at some of its U.S.-based stores. The company, however, clarified that daily fresh deliveries to its retail and restaurant partners remain uninterrupted.

 

“As of the date of this filing, the incident has had and is reasonably likely to have a material impact on the Company’s business operations until recovery efforts are completed.

 

“The expected costs related to the incident, including the loss of revenues from digital sales during the recovery period, fees for our cybersecurity experts and other advisors, and costs to restore any impacted systems, are reasonably likely to have a material impact on the Company’s results of operations and financial condition,” Krispy Kreme added.

 

At the time of publishing, no known hacker group has claimed responsibility for the cyber attack on Krispy Kreme and the company is yet to share if it has identified the perpetrator behind the incident or if it has received a ransom demand.