Krispy Kreme gets Kracked: Doughnut giant has a cybersecurity hole
Cake fans left glazed and confused as mystery incident causes major operational disruption.
Krispy Kreme has been fried by a cybersecurity attack which played havoc with online orders and forced doughnut fans across the US to get their sugar fix in person.
In an SEC filing, Krispy Kreme said "unauthorised activity on a portion of its information technology systems" was detected on November 29.
It "immediately began taking steps to investigate, contain, and remediate the incident with the assistance of leading cybersecurity experts."
"Krispy Kreme shops globally are open, and consumers are able to place orders in person, but the Company is experiencing certain operational disruptions, including with online ordering in parts of the United States," it wrote. "Daily fresh deliveries to our retail and restaurant partners are uninterrupted."
The doughnut doyen is now working "diligently" to mitigate the impact from the incident and restore online ordering to ensure cake fiends can have snacks delivered to their door. It has notified federal law enforcement.
"As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known," it warned.
The incident "has had and is reasonably likely to have a material impact on the Company’s business operations until recovery efforts are completed", Krispy Kreme kontinued.
"The expected costs related to the incident, including the loss of revenues from digital sales during the recovery period, fees for our cybersecurity experts and other advisors, and costs to restore any impacted systems, are reasonably likely to have a material impact on the Company’s results of operations and financial condition."
The Company holds cybersecurity insurance that "is expected to offset a portion of the costs of the incident" and "does not expect this will have a long-term material impact on its results of operations and financial condition."
Holey moley: A plethora of puns
The attack on a beloved deliverer of doughnuts sparked a vast outpouring puns and jokes across the internet.
"Crossing a line," wrote Chris H., CEO of Aquia. "You can come after our telecommunications systems. "You can impact our water treatment facilities. You can burrow and disrupt our digital critical infrastructure, but once you start targeting America's donuts, sh*ts about to get real."
Brian Greenberg, CIO at RHR International, wrote: "Even trusted brands aren’t immune to cyber threats. This is a wake-up call for companies to prioritize proactive cybersecurity measures like endpoint protection and incident response planning"
However, some people were up to high dough about the jokes.
Jay Jay Davey, VP of Cyber Security at Planet, begged: "Please stop making puns about the Krispy Kreme hack. I doughnut think it's funny."
So how should businesses avoid getting battered in future?
Spencer Starkey, Executive Vice President, did not sugarcoat his advice.
"The proliferation of cyberattacks in 2024 shows that hackers are willing to target anything and everything," he told the Beeb. "It's vital every single business has a robust roadmap in place to deploy if and when an attack happens."
Have you got a story to share? Get in touch and let us know.
