Krispy Kreme is currently dealing with a cybersecurity breach that has brought down parts of its online donut ordering service in the US. The company has been working to resolve the issue for over a week now after detecting unauthorized access to its systems on November 29th.
In a filing issued to the SEC on Wednesday, Krispy Kreme says it was “notified regarding unauthorized activity on a portion of its information technology systems” and pulled in “leading cybersecurity experts” for remediation.
The event took down Krispy Kreme’s consumer online ordering operations but it has not affected its commercial distribution business. However, the company says there’s “a material impact” on its business operations and that there will be significant financial implications stemming from the incident due to cybersecurity experts’ and advisers’ fees. Otherwise, Krispy Kreme says it has cybersecurity insurance and it does not expect “long-term material impact on its results of operations and financial condition.”
Krispy Kreme did not immediately respond to a request for comment on the cause of the cybersecurity incident. As speculated in a report by Bleeping Computer, the timeline may suggest the company is negotiating with possible threat actors so as not to leak internal data.
