Online ordering at Krispy Kreme disrupted by cyberattack

A cyberattack that began two weeks ago is hampering online ordering from the doughnut chain Krispy Kreme, the company said on Wednesday. 

The company warned the Securities and Exchange Commission (SEC) that it discovered “unauthorized activity” on portions of its IT system on November 29 and began an investigation to remediate the incident. 

While all stores remain open, it is “experiencing certain operational disruptions, including with online ordering in parts of the United States.”

“The Company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering, and has notified federal law enforcement,” Krispy Kreme said in an 8-K filing. 

Krispy Kreme acknowledged that the incident is “likely to have a material impact on the Company’s business operations until recovery efforts are completed,” noting that this is due to the “loss of revenues from digital sales during the recovery period, fees for our cybersecurity experts and other advisors, and costs to restore any impacted systems.”

The company does have cyber insurance which will cover some portion of the costs. No hacking group has taken credit for the attack as of Wednesday morning. 

Krispy Kreme is one of the largest doughnut companies in the world, reporting $379.9 million in revenue last quarter. 

The company is one of several retailers recently impacted by cyberattacks which have limited operations. Starbucks and several other supermarkets faced widespread issues due to a ransomware attack on a software supplier, and a European conglomerate that owns several U.S. grocery chains was similarly hampered by ransomware gang activity.