Krispy Kreme has announced a significant data breach that occurred in late 2024, affecting over 161,000 individuals, primarily current and former employees and their families. The company is now reaching out to those impacted to inform them of the situation.
In a statement on its website and a notification to the Maine attorney general’s office, Krispy Kreme revealed that the breach was discovered in late November 2024. The investigation into the incident uncovered that a variety of personal information was accessed. This includes names, Social Security numbers, driver’s license information, financial details, and even medical data.
The company stated that while they have no evidence of the stolen information being misused, they are taking the matter seriously. Krispy Kreme has implemented measures to improve their cybersecurity following the breach and is offering free credit monitoring and identity protection services to those affected.
Financially, the breach has had a noticeable impact on the company. In their annual report, Krispy Kreme disclosed spending approximately $3 million on remediation efforts and estimating a revenue loss of about $11 million in the U.S. due to the incident. They expect to continue facing costs related to cybersecurity in the upcoming fiscal year.
Krispy Kreme has assured customers that their systems are being strengthened to better protect personal data in the future. They encourage affected individuals to monitor their financial accounts and credit reports closely.