December 11, 2024 at 01:23PM
Krispy Kreme confirmed a cyberattack that disrupted operations, including online ordering, referencing a “cybersecurity incident.” The company took immediate steps with cybersecurity experts to investigate and mitigate the impact. The incident, likely a data-extortion ransomware attack, is expected to materially affect business operations until resolved.
### Meeting Takeaways: Krispy Kreme Cyberattack Incident
1. **Incident Confirmation**: Krispy Kreme confirmed a cyberattack that caused operational disruptions, particularly affecting its online ordering system.
2. **Official Statement**:
– The company acknowledged the disruption and expressed its commitment to resolving the issues promptly.
– They are working with cybersecurity experts to investigate and remediate the situation.
3. **Notification and Reporting**:
– Krispy Kreme notified the Securities and Exchange Commission (SEC) about the incident, which began on November 29, 2024.
– The unauthorized activity was detected in some of its information technology systems.
4. **Ongoing Investigation**:
– The investigation is still active, and the full scope and impact of the cyberattack have yet to be fully determined.
– Federal law enforcement has been informed about the incident.
5. **Impact on Operations**:
– The company warns that the incident could materially affect business operations until recovery is complete.
– Krispy Kreme has cybersecurity insurance to help mitigate the financial impact.
6. **Company Overview**: Krispy Kreme operates in 30 countries worldwide, with a diverse range of doughnut and coffee shops, retail partnerships, and e-commerce services.
### Action Items:
– Continue monitoring updates from Krispy Kreme regarding the investigation and recovery efforts.
– Review cybersecurity protocols and response plans as a precautionary measure in light of this incident.