Cyberattack Cooks Krispy Kreme Doughnut Delivery
Krispy Kreme, a US doughnut retailer, experienced a cybersecurity attack that disrupted online ordering but did not affect retail operations that continue to deliver sugar-coated treats across the country. Krispy Kreme said in a Securities and Exchange Commission statement that in late November, there was "unauthorized activity on a portion of its information technology systems" at the company.
Krispy Kreme, a US doughnut retailer, experienced a cybersecurity attack that disrupted online ordering but did not affect retail operations that continue to deliver sugar-coated treats across the country. Krispy Kreme said in a Securities and Exchange Commission statement that in late November, there was "unauthorized activity on a portion of its information technology systems" at the company.
"The Company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering, and has notified federal law enforcement," according to the Krispy Kreme 8-K filing. "As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known."
Krispy Kreme went on to say that although the cybersecurity attack will probably have a "material impact" on the company until it can recover, cyber insurance will probably cover any expected damages. Whether client data was compromised was not mentioned in the announcement, aside from operational damage. Consumer privacy advocate Paul Bischoff of Comparitech advised anyone who has placed an online order for Krispy Kreme doughnuts to anticipate being exposed.
"The majority of these kinds of attacks don't only interfere with systems," Bischoff continued. They take data, too. Give or take a few months, companies usually take around six months to look into breaches and locate the contact details of impacted clients.
The Krispy Kreme Incident Is Still Being Recovered
As the business moves past the event, Ilia Sotnikov, Netwrix's security strategist, stated the Krispy Kreme cybersecurity team likely worked quickly to avoid more widespread damage. According to a statement from Sotnikov, "all their shops are open and all delivery commitments to retail and restaurant partners are fulfilled." "This means that the team identified the intrusion and was ready to swiftly follow the incident response plan."
According to Ryan Sherstobitoff, senior vice president of threat research and intelligence at Security Scorecard, the whole Krispy Kreme supply chain may be susceptible to subsequent hacks, going beyond initial worries about company continuity.
"As one of the world's largest doughnut companies with over 400 US locations, this breach raises concerns about not only operational disruptions amidst the holidays but also the potential exposure of sensitive data within Krispy Kreme and its supply chain," Sherstobitoff stated in a statement. "As the holiday season gets underway, retailers must remain vigilant. Cybercriminals are lurking, waiting to exploit any distraction."