Krispy Kreme, a popular US doughnut chain, has been facing issues with its online ordering system and digital payments at its physical shops since late November. A recent 8-K report filed with the US Securities and Exchange Commission (SEC) has shed light on the reason behind these troubles: a cybersecurity incident.
The company first became aware of unauthorized activity on a portion of its information technology systems on November 29, 2024. In response, Krispy Kreme launched an investigation and enlisted the help of cybersecurity experts to rectify the situation. The exact nature of the attack remains undisclosed, but the company has confirmed that it has caused operational disruptions, particularly in the online ordering department across certain regions of the United States.
It is unclear whether the online ordering system was intentionally disabled by the company as a precautionary measure or if it fell victim to external cyber attackers. Despite these challenges, Krispy Kreme assured that deliveries to retail outlets and restaurant partners are unaffected, and consumers can still place orders in person at their physical locations.
The cybersecurity incident has had a significant impact on Krispy Kreme’s business operations. The company acknowledged in a statement that the incident, as of December 11, 2024, has already and will likely continue to adversely affect its operations until recovery efforts are completed. The expected costs related to the incident, such as revenue losses from digital sales during the recovery period, cybersecurity expert fees, and system restoration expenses, are anticipated to have a material impact on the company’s financial performance and overall condition.
Nevertheless, Krispy Kreme disclosed that they have cybersecurity insurance in place, which is expected to offset some of the financial burdens stemming from the incident. They also expressed confidence that the incident will not have a lasting detrimental effect on their operations or financial health in the long run.
In light of these developments, Krispy Kreme is working diligently to address the cybersecurity breach, restore normal operations, and mitigate any further disruptions to their business. Customers can rest assured that the company is taking necessary steps to safeguard their information and provide a seamless ordering experience both online and in-store. As the investigation into the incident continues, Krispy Kreme remains committed to transparency and upholding the trust of its loyal customer base.