Play ransomware group claims cyber attack on U.S. doughnut chain Krispy Kreme

News06 Jan 2025

The infamous Play ransomware group has claimed responsibility for launching a cyber attack on U.S. doughnut chain Krispy Kreme and has threatened to publish the company’s stolen data unless its ransom demands are met.

Headquartered in Charlotte, North Carolina, Krispy Kreme is an American multinational doughnut company and coffeehouse chain. It has a chain of more than 1,500 shops, and also partners with McDonalds to offer its products at several other locations.

In a filing with the U.S. Securities and Exchange Commission, Krispy Kreme said that on November 29, it was notified about an unauthorised activity in portions of its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

“The Company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering, and has notified federal law enforcement.

“As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known,” reads the filing.

While Krispy Kreme shops are open globally, the cyber security incident created certain operational disruptions, such as a delay in taking online orders at some of its U.S.-based stores. The company, however, clarified that daily fresh deliveries to its retail and restaurant partners remain uninterrupted.

“As of the date of this filing, the incident has had and is reasonably likely to have a material impact on the Company’s business operations until recovery efforts are completed,” Krispy Kreme added.

Recently, the Play ransomware group claimed responsibility for the cyber attack on Krispy Kreme and listed it as a victim on its data leak site.

The group claims to have access to the company’s database including client files, budget, payroll, accounting, contracts, taxes, identification documents and finances and has threatened to leak the same on December 21 unless its ransom demands aren’t met.