On December 10, 2024, Krispy Kreme, Inc. filed a notice with the Securities & Exchange Commission after discovering unauthorized activity on its computer network. In this notice, Krispy Kreme explains that the incident has resulted in some “operational disruptions,” but the extent of the damage cannot be assessed until the company completes its investigation. If Krispy Kreme’s investigation reveals that confidential consumer or employee information was leaked as a result of the incident, Krispy Kreme will be required to send data breach notification letters to anyone whose information was compromised.
If you receive a data breach notification from Krispy Kreme, Inc., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following a possible Krispy Kreme data breach. For more information, please see our recent piece on the topic here.
Was There a Krispy Kreme Data Breach?
Krispy Kreme only recently disclosed that it was the victim of a cyberattack, and the company’s investigation is ongoing. Thus, it’s too soon to tell if there was a Krispy Kreme data breach. However, Krispy Kreme’s filing with the Securities & Exchange Commission provides some important information about the incident.
According to the SEC filing, on November 29, 2024, Krispy Kreme was notified that there was unauthorized activity within its computer network. In response, Krispy Kreme enlisted the help of outside cybersecurity experts to contain and investigate the incident. Krispy Kreme also notified federal law enforcement.
Krispy Kreme’s investigation is ongoing; however, at this point, the company believes that the incident “is reasonably likely to have a material impact on the Company’s business operations.”
On December 10, 2024, Krispy Kreme filed notice of the cyberattack with the Securities & Exchange Commission. At this point, the company is still looking into the cause of the incident as well as the extent of the damage. Currently, Krispy Kreme locations are open, but the company reports some operational disruptions related to the cyberattack. At some point, Krispy Kreme’s investigation will turn to whether any confidential consumer or employee information was leaked as a result of the cyberattack. If so, the company will be required to send out data breach letters to anyone whose information was compromised.
More Information About Krispy Kreme, Inc.
Founded in 1937, Krispy Kreme, Inc. is a chain that sells doughnuts and other sweet treats, as well as coffee. Krispy Kreme operates approximately 1,400 locations worldwide. Krispy Kreme is publicly traded on the NASDAQ under the symbol “DNUT.” Krispy Kreme employs more than 22,800 people and generates approximately $1.7 billion in annual revenue.
