SUMMARY
- Cyberattack Reported: Krispy Kreme faced a cyberattack on November 29, 2024, disrupting online orders in the U.S.
- Operations Impact: In-store sales and deliveries remained unaffected despite the breach.
- Quick Response: The company collaborated with cybersecurity experts to investigate and contain the issue.
- Broader Context: The attack follows recent cyber incidents affecting supply chains, like Blue Yonder’s breach impacting Starbucks.
- Expert Warning: Cybersecurity threats highlight risks to operations, finances, and customer trust, urging stronger digital protections.
Popular doughnut chain Krispy Kreme has become the latest victim of a cyber attack. The incident, which was reported to the Securities and Exchange Commission (SEC) on November 29, 2024, has disrupted certain operations, including online ordering in the United States.
The attack comes in the wake of the November 21st cyberattack on Blue Yonder, a leading supply chain management software provider, which disrupted Starbucks operations as the coffee giant relies on its services.
What Happened?
According to the SEC filing, unauthorized activity was detected on a “portion“ of Krispy Kreme’s information technology systems. The company acted quickly, working with leading cybersecurity experts to investigate, contain, and mitigate the incident.
While Krispy Kreme shops around the world remain open, and customers can still place orders in person, the cyber attack has caused disruptions to online ordering in parts of the US. The company’s daily fresh deliveries to retail and restaurant partners, however, remain uninterrupted.
Krispy Kreme, working alongside its cybersecurity team, is actively working to resolve the situation and restore full online ordering capabilities. Federal law enforcement has also been informed about the attack.
Expert Opinion
“This seems like a targeted attack, happening during a time when Krispy Kreme is likely very busy,” said William Wright, CEO of Closed Door Security. “With online sales affected, customers might go somewhere else for their treats.”
Wright pointed out that while the incident mainly affected online sales, it could have been much worse. “If the attackers had gotten into Krispy Kreme’s production systems, they could have stopped doughnut production entirely,” he added.
Alberto Farronato, VP of Marketing at Oasis Security, a New York City-based provider of Non-Human Identity Management (NIM) solutions, has shared his insights on the Krispy Kreme breach. Farronato notes that the incident highlights how cybersecurity threats can have far-reaching consequences, affecting not just a company’s operations but also its customers.
“The ripple effect of a breach can be significant, leading to operational disruptions, financial losses, and a loss of customer trust,” he said. “This is a wake-up call for businesses to reexamine their approach to identity security, recognizing that the threat is not limited to human users, but also to the digital identities that power their systems.”
Farronato emphasizes that once a system is breached, it can become a doorway for attackers to gain unauthorized access to critical systems and data. As organizations become increasingly reliant on interconnected technology, it’s essential to take a proactive approach to identity security.
