Krispy Kreme Inc. has become the latest foodservice company to be hit with a cybersecurity attack. The JAB Holding Co.-owned doughnut chain was notified of “unauthorized activity” within its information technology systems on Nov. 29 and has since been experiencing “certain operational disruptions,” particularly with the company’s online ordering system.
“The company immediately began taking steps to investigate, contain, and remediate the incident with the assistance of leading cybersecurity experts,” Krispy Kreme said in an 8-K filing with the U. S. Securities and Exchange Commission.
The company also confirmed that while the incident is being investigated, shops remain open and able to take orders, and daily fresh doughnut deliveries to restaurant partners like McDonald’s and retail stores remain uninterrupted.
“The company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering, and has notified federal law enforcement,” Krispy Kreme’s statement continued. “As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known.”
Krispy Kreme also noted that the cybersecurity attack will likely have an impact on the company’s operations and the “expected losses” from the incident, as well as the financial cost of the investigation into the attack, will directly impact the company’s financial condition.
More information will likely be available when Krispy Kreme announces its next quarterly earnings in February.
This is the third major cybersecurity attack in the foodservice industry this year, following Starbucks’ third-party ransomware attack on its back-end processes in November and Panera experienced a cybersecurity attack in March, which led to the leak of personal information of many employees, including social security numbers.
Contact Joanna at [email protected]
