Krispy Kreme cyberattack: Stock dips, online donut orders disrupted by IT security breach of unknown scale

Krispy Kreme Inc. (NASDAQ: DNUT) has been grappling with significant operational challenges after detecting a cybersecurity breach on November 29, which disrupted its online ordering systems. While its 400 U.S. locations continue to operate for in-store purchases, the breach has caused ongoing disruptions to digital sales, a segment that constitutes 15.5% of the company’s revenue.

The donut-and-coffee chain, which also has partnerships with grocery stores and nearly 2,000 McDonald’s locations, has assured customers that delivery services remain unaffected. However, according to a filing with the SEC, the company anticipates a ‘material impact’ on its financial condition, due to revenue losses from digital sales, system restoration expenses, and cybersecurity consulting fees. Despite these challenges, Krispy Kreme expressed optimism, citing cybersecurity insurance coverage to offset some costs.

Krispy Kreme’s stock declined 2% following news of the breach and is down 30% year to date, reflecting broader pressures on the business. While the cyberattack compounds recent struggles, the company remains focused on growth initiatives, including its McDonald’s partnership and a deal to sell a majority stake in Insomnia Cookies to private equity firms.

The attack highlights the growing threat of cybercrime, which continues to disrupt businesses across sectors. In 2024 alone, more than 3,200 data breaches in the U.S. have affected over 353 million individuals, according to Kiteworks’ 2024 Industry Risk Score Report.

Sectors ranging from healthcare and finance to retail and food services have faced cyberattacks, demonstrating the pervasive nature of this risk. High-profile incidents have included ransomware attacks on hospital networks, breaches in financial services, and service disruptions at technology companies.