Play ransomware gang claims major attack on Krispy Kreme

December 31, 2024

Krispy Kreme has confirmed a cyberattack on its systems in late November, with the Play ransomware gang now claiming responsibility. This recent development follows the company’s disclosure earlier this month, detailing operational disruptions caused by the breach. The attack, detected on 29 November, affected Krispy Kreme’s online ordering system across parts of the United States.

The doughnut chain addressed the incident in a regulatory filing with the U.S. Securities and Exchange Commission (SEC) on 11 December. It revealed that unauthorised activity had been identified on its IT systems and that immediate actions were taken to contain and investigate the breach. External cybersecurity experts were engaged to assess the scope of the incident while the company worked to restore its systems.

Krispy Kreme guaranteed that its shops remained operational despite the online disruptions, allowing patrons to continue enjoying fresh doughnuts.

However, with digital orders accounting for 15.5% of its sales and contributing to a 3.5% organic revenue growth in 2024’s third quarter, the impact of the attack on its digital platform was notable. The company continues to operate 1,521 shops, 15,800 access points, and numerous production facilities worldwide, employing over 22,800 people across 40 countries. It also maintains a partnership with McDonald’s to expand product availability globally.

The Play ransomware gang’s claim marks a significant update in the case. The group alleges that it stole a variety of sensitive data, including customer records, payroll information, financial documents, and contracts, threatening to release the data on 21 November unless a ransom is paid. Despite these assertions, no evidence has been provided to verify the claims.

Active since mid-2022, the Play ransomware gang has built a reputation for employing double-extortion techniques, using stolen data as leverage to demand ransoms. The group has been linked to numerous high-profile breaches, including attacks on Rackspace, the City of Oakland, and Antwerp. According to a joint advisory issued by the FBI, CISA, and the Australian Cyber Security Centre (ACSC), the gang had compromised the systems of around 300 organisations globally by October 2023.

Krispy Kreme has not commented further on the gang’s claims but continues to focus on recovering from the breach and safeguarding its systems against future threats. This latest claim by the Play ransomware gang underscores the persistent cyber threats that organisations face.
