Krispy Kreme Cyberattack Disrupts U.S. Online Ordering Systems

On November 29, 2024, Krispy Kreme, the iconic doughnut and coffeehouse chain headquartered in Charlotte, North Carolina, suffered a cyberattack that disrupted its online ordering systems across the United States. While physical store operations and daily deliveries to retail partners such as McDonald's were unaffected, the breach impacted digital sales, which account for 15.5% of the company’s revenue. The company disclosed the incident on December 11, 2024, in a filing with the U.S. Securities and Exchange Commission (SEC), nearly two weeks after detecting the unauthorized activity. Krispy Kreme confirmed it had engaged leading cybersecurity experts and law enforcement to investigate the attack and mitigate its effects, though the nature of the breach and the identity of the threat actor remain unknown.

The incident is expected to impose significant financial burdens, including losses from reduced digital sales, cybersecurity consulting fees, and system recovery costs. Krispy Kreme’s stock dropped by approximately 2% following the disclosure, reflecting investor concerns. The ongoing disruption continues to affect digital sales with no clear resolution date, leaving customers reliant on in-person orders. While no threat actor has claimed responsibility, and no evidence points to a specific attack type, the prolonged impact raises questions about the scope of the breach and potential data compromise. This incident underscores vulnerabilities in the retail and hospitality sectors, where digital infrastructure is critical for operations. Investigations remain underway as Krispy Kreme works to restore full functionality.

Source

Subscribe to The Dysruption Hub

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]
Subscribe