Doughnut giant Krispy Kreme confirmed on Wednesday that it is currently managing a significant security breach. The cyberattack has triggered operational disruptions across several United States locations, specifically impacting the company’s online ordering systems.
The Scope of the Security Breach
Krispy Kreme officially disclosed the incident through an 8-K filing with the SEC. The company stated it was alerted to unauthorized activity affecting its IT infrastructure on November 29. In response, internal teams and external cybersecurity experts were immediately deployed to investigate, contain, and remediate the threat.
Operational Status and Impact
Despite the digital disruption, the company emphasized that physical retail storefronts remain open globally. Supply chain logistics appear unaffected, with deliveries to retail and restaurant partners continuing as scheduled. However, the inability to process online orders in specific U.S. regions remains a primary hurdle.
Ongoing Investigation and Federal Involvement
The company is working closely with federal law enforcement to resolve the situation. Because the forensic investigation is still in its early stages, the full extent of the data breach—including whether sensitive employee or corporate information was compromised—remains unknown.
When pressed for further details regarding the nature of the attack, such as whether it involved ransomware, a spokesperson for the company declined to provide specifics beyond the official filing. Krispy Kreme acknowledged in its regulatory disclosure that the incident is “reasonably likely to have a material impact” on business operations until systems are fully restored.