Breach taxonomy
Summary
On November 29, 2024, Krispy Kreme was notified of unauthorized activity on a portion of its IT systems, causing operational disruptions including online ordering in parts of the United States. Physical shops remained open and daily fresh deliveries to retail and restaurant partners were uninterrupted, but the company assessed the incident as reasonably likely to have a material impact on business operations and financial results, including lost digital sales revenues and remediation costs. The company holds cybersecurity insurance expected to offset a portion of costs, and does not expect long-term material impact.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor category -> UNKNOWN.
MethodsSystem Outage
Filing describes unauthorized activity causing operational disruptions to online ordering; no specific attack method (ransomware, data exfiltration, etc.) is identified -> SYSTEM-OUTAGE.