Krispy Kreme has recently disclosed a significant cybersecurity incident that is affecting its operations, particularly its online ordering system. The company reported the breach to U.S. federal regulators, stating that it had identified unauthorized activity on its network on November 29, 2024. While the company’s physical stores remain open and its deliveries to retail outlets, including McDonald’s, are uninterrupted, the disruption has caused temporary issues with online ordering services in certain parts of the United States.
The donut chain, which reported $1.5 billion in revenue during 2023, has expressed that this incident will have a material impact on its business operations. Krispy Kreme acknowledged that online ordering accounted for 15% of its sales during the summer months, which makes this disruption particularly significant. Despite the ongoing recovery efforts, the company anticipates that the issue will continue to affect its business operations until the situation is resolved.
Krispy Kreme has reassured stakeholders that the long-term impact will be minimal, and it plans to offset the costs of incident response by utilizing its cybersecurity insurance policy. However, the disclosure has already caused some turbulence in the company’s stock price, with a 2.8% drop in trading during the first hours after the filing was made public. The company also recently divested its majority share in Insomnia Cookies to focus on its core doughnut business, further underscoring the importance of operational stability.
While Krispy Kreme has not fully disclosed the nature of the attack, it is suspected to be a financially motivated cyberattack, potentially involving ransomware. The breach highlights the growing need for companies, especially those with significant online operations, to strengthen their cybersecurity measures. Krispy Kreme’s response will likely serve as a case study for other publicly traded companies as they navigate the increasing threat of cyberattacks and adhere to new SEC disclosure requirements related to cybersecurity incidents.
Reference:
