Krispy Kreme, the popular donut and coffee chain has confirmed that the ransomware attack it experienced in late 2024 led to a significant data breach.
The company disclosed that it was targeted by a cyberattack on December 11, which caused disruptions to its operations.
Roughly a week after the incident, the Play ransomware group claimed responsibility. The group alleged it had exfiltrated personal data, client records, financial details, and documents related to accounting, contracts, payroll, and budgeting.
According to the attackers, they stole approximately 184 gigabytes of data. This information was later published on their Tor-based leak site in December 2024, likely after Krispy Kreme declined to pay the ransom.
Krispy Kreme has begun notifying affected individuals whose data was compromised in the breach.
The company’s investigation found that the stolen information may include names, dates of birth, Social Security numbers, driver’s license or state ID numbers, bank account details (including usernames and passwords), payment card information, passport numbers, digital signatures, email addresses and passwords, biometric data, U.S. military ID numbers, and medical or health information.
Most of those affected are current and former employees, as well as their family members.
Although the total number of individuals impacted remains unknown, Krispy Kreme employs around 20,000 people. The company has informed the Texas Attorney General that nearly 7,000 Texans were affected.
In response, Krispy Kreme is offering free credit monitoring and identity protection services to those impacted. While the company states there is no evidence of the stolen data being misused, access to these services could be critical given that the information has been made publicly available by the hackers.
The company reported that the financial impact of the incident surpassed $11 million in fiscal year 2024, with additional costs anticipated in 2025.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
