Krispy Kreme disclosed in an SEC filing today that it detected unauthorized activity on November 29, 2024, which has disrupted its online ordering system in the United States.
“On November 29, 2024, Krispy Kreme, Inc. was notified regarding unauthorized activity on a portion of its information technology systems,” the filing stated.
Despite these challenges, Krispy Kreme confirmed that its stores worldwide remain open, allowing consumers to place orders in person. The company also noted that daily fresh deliveries to retail and restaurant partners have not been affected. However, operational disruptions, particularly to online ordering in parts of the U.S., persist.
A message on the company’s website acknowledges the issue: “We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States. We know this is an inconvenience and are working diligently to resolve the issue.”
Impact on Business Operations
Digital orders accounted for 15.5% of Krispy Kreme’s sales in the third quarter of 2024, contributing to a 3.5% organic revenue growth for the quarter. The disruption to online ordering represents a significant challenge for the company.
In response to the attack, Krispy Kreme engaged leading cybersecurity experts and implemented measures to contain and remediate the incident. However, the investigation is ongoing, and the full scope and nature of the breach remain unclear.
Krispy Kreme’s 400 U.S. locations remain open for in-person orders, while deliveries to partners such as grocery stores and nearly 2,000 McDonald’s restaurants continue without interruption.
As part of its growth strategy, Krispy Kreme has expanded its partnership with McDonald’s this year. Additionally, the company recently sold a majority stake in its Insomnia Cookies brand to private equity firms to focus on its core mission of delivering fresh doughnuts.
Financial Impact
Krispy Kreme acknowledged that the attack has had a material impact on its business and is expected to continue doing so until recovery efforts are completed. The company anticipates financial impacts including lost digital sales revenue, costs for cybersecurity and advisory services, and expenses related to restoring affected systems.
The news negatively affected Krispy Kreme’s stock, which fell by 2% earlier today following the disclosure of the incident.
Limited Details on the Attack
The company has not disclosed whether the incident involved ransomware or another form of cyberattack. Further updates are expected as the investigation progresses.
No groups have publicly taken responsibility for the hack.
Source: https://www.linkedin.com/pulse/krispy-kreme-hit-cyber-attack-the-cyber-security-hub-idz2e/
