Krispy Kreme has confirmed that a cyberattack has caused significant operational disruptions, including issues with online ordering across the US.  

The company was alerted to unauthorised activity on its information technology systems in November 2024 and is working with cybersecurity experts to resolve the situation, as reported by Reuters. 

The doughnut chain acknowledged the cybersecurity incident could have a material impact on its business, potentially affecting revenue from digital sales.  

Following the announcement, the company's shares dropped by 2%.

Despite the incident, Krispy Kreme's physical stores around the globe remain open for in-person orders.  

In a US Securities and Exchange Commission filing, Krispy Kreme disclosed that it had initiated an investigation into unauthorised activity detected on 29 November.  

The company is making efforts to restore online ordering services and has informed federal law enforcement.

While acknowledging the immediate effects of the hacking, Krispy Kreme does not anticipate any long-term material impact from the cyberattack. 

This incident follows a high-profile breach at Panda Restaurant Group in May 2024, in which the personal information of an unspecified number of employees was compromised, as reported by TOI.  

In November 2024, Starbucks stores in the US were compelled to revert to manual employee scheduling and payroll processing due to a ransomware attack on a third-party software system.   

According to the Wall Street Journal, Starbucks is relying on pen-and-paper to calculate employees’ pay.   

Arizona-based cloud services provider Blue Yonder was also struck by a ransomware attack in late November, causing considerable disruption to its managed services.