Donut lovers, this news may be a cause for concern for you all. The US-based donut company Krispy Kreme faced a cybersecurity incident last month. The attack on one of the world’s largest donut companies is a stark reminder that threat actors are always on the move and are getting more sophisticated – one attack at a time.
The cyberattack disrupted Krispy Kreme’s online ordering system. Since the incident made the news, the company’s share value has also fallen by 2%. As per the Securities and Exchange Commission filing by Krispy Kreme, there was ‘unauthorized activity on a portion of its information technology systems.’
Since then, the company has been in constant touch with cybersecurity experts and is trying to minimize the impact of the attack. Federal law enforcement has already been informed. Experts are working hard to get the online ordering system up and running again.
Krispy Kreme expects a ‘material impact’ on daily business operations. With online ordering currently stalled, the donut company expects to lose revenue from digital sales. The good news is that Krispy Kreme is accepting in-person orders.
As per the filings that the company made on December 10, Krispy Kreme was aware of the cyberattack in November. The donut company took immediate action.
Krispy Kreme has warned its customers about the security breach on its official website. The alert mentions the current operational disruptions around online ordering of donuts. Krispy Kreme has also mentioned that it is aware of the inconvenience its loyal customers are going through and that it is trying its best to bring things back to normal.
The company has emphasized that it is cooperating with cybersecurity teams to “investigate, contain and remediate” the cyberattack. It has asked customers to visit their nearest convenience or grocery stores to enjoy freshly made donuts.
Krispy Kreme has been tight-lipped about whether customer data has been compromised. However, consumer privacy experts believe that anyone who has ordered donuts from Krispy Kreme online should consider themselves exposed. They believe that such attacks aim not only to disrupt day-to-day operations but also to steal data. Cybersecurity investigations may take as long as 6 months to uncover such consumer data breaches.
At present, Krispy Kreme has over 400 outlets across the US. It has a total of 8,018 points of access, which include 71 Fresh Shops, 236 Hot Light Theatre shops, and 7,711 Delivered Fresh Daily branded donut cabinets across quick service restaurants, convenience stores, drug stores and club stores. This American multinational donut company and coffeehouse chain has partnered with McDonald’s to make its products easily accessible to its dedicated customer base.
In the third quarter of fiscal 2024, Krispy Kreme’s US organic revenue growth was around 2.5%. Digital channel revenue increased by 21%. This shows the significance of digital platforms for Krispy Kreme. This sudden cyber incident has brought digital operations to a halt.
So far, no threat group has taken responsibility for the cyberattack. Experts and investigating teams are already looking into the matter to find out the real culprits. It is not yet clear if it was a ransomware attack.
Cyber lessons that businesses must learn from the Krispy Kreme attack!
Threat actors are relentlessly targeting everything from critical infrastructure and corporate sectors to supply chain systems and everyday business operations. While cyberattacks were once confined to high-tech industries, today no business is immune, even those with minimal reliance on complex digital systems.
For instance, incidents like the Krispy Kreme cyberattack underscore the devastating impact such threats can have, including chaos, poor customer experiences, severe financial losses, and operational disruptions. Beyond these immediate consequences, attacks can erode customer trust and tarnish brand reputations.
Implementing robust phishing protection is crucial to safeguarding your business against these evolving threats. Phishing remains one of the most common and effective methods attackers use to breach systems, often serving as a gateway to more extensive cyberattacks. By investing in proactive measures like phishing awareness training, secure email gateways, and advanced threat detection tools, businesses can significantly reduce the risk of falling victim to these malicious schemes.
The Krispy Kreme attack may look like a one-off incident. However, these attacks generally serve as the entry point through which threat actors get access to data and critical systems, which they can further leverage to plan and execute future cyberattacks.
Cybersecurity experts urge businesses and companies to adopt Privileged Access Management (PAM) systems to help prevent such cyber incidents. PAM limits access to sensitive assets to essential members of the organization. It also offers consistent monitoring to track any kind of suspicious activity.
Using a multi-factor authentication system and maintaining a strong password management system can also help prevent similar kinds of cyberattacks. Regular security audits and employee training should also be mandatory if you wish to keep cyberattackers at arm’s length.
The key is to understand that cybersecurity is no longer a state-of-the-art, fancy term. Rather, it is the need of the hour if you wish to enhance the operational resilience of your organization as well as retain your brand’s goodwill and reputation.