Donut chain Krispy Kreme says it was hit by a cyberattack that disrupted its online systems.
Some customers were unable to place orders online following the hack, which occurred at the end of November but has only just been revealed.
Krispy Kreme disclosed the attack in a regulatory filing with the U.S. Securities and Exchanges Commission (SEC) on Wednesday.
It said the incident was “reasonably likely” to have “a material impact” on the company's business operations, but clarified that physical stores remained open.
“We are experiencing some operational disruptions due to a cybersecurity incident, including online ordering in parts of the United States,” a statement on Krispy Kreme's website reads.
“We know this is an inconvenience and we are working diligently to resolve the issue.”
The company told the BBC in a statement that it “immediately” took steps to investigate and contain the incident, and called in cybersecurity experts.
“We continue, along with them, to work diligently to respond and mitigate the impact of the incident, including the restoration of online orders,” it said.
No group has publicly taken responsibility for the hack.
Krispy Kreme is a large American chain with more than 1,400 stores worldwide.
In the UK it's smaller, but its 120 locations make it the country's largest specialty donut retailer.
Krispy Kreme said in its SEC filing that it had cybersecurity insurance, which it said would “offset some of the costs.”
The company said it expects those costs to come from lost digital sales, fees for experts it hired and restoration of affected systems.
Cyberattacks have caused serious disruption this year, affecting key infrastructure including hospitals and transportation systems.
“The proliferation of cyberattacks in 2024 shows that hackers are willing to target anything and everything,” said Spencer Starkey of cybersecurity firm SonicWall.
“It is essential that every company has a solid roadmap to deploy if and when an attack occurs,” he added.
Social networks, however, take this incident a little less seriously.
“Anyone who attacks Krispy Kreme should be jailed for life,” one user joked on X.
“Cybercriminals, you have gone too far this time,” posted another.
