Donut chain Krispy Kreme says it has been hit by a cyber attack that has disrupted its online systems.
Some customers have been unable to order online as a result of the hack, which happened in late November but has only just been revealed.
Krispy Kreme disclosed the attack in a regulatory filing with the US Securities and Exchange Commission (SEC) on Wednesday.
It said the incident was “reasonably likely” to have a “material impact” on the firm’s business operations, but clarified that brick-and-mortar stores remain open.
“We are experiencing some operational disruptions due to a cyber security incident, including online ordering in some parts of the United States,” reads a message on the Krispy Kreme website.
“We know this is an inconvenience and we are working diligently to resolve this issue.”
The firm told the BBC in a statement that it had “immediately” taken steps to investigate and contain the incident, and had brought in cyber security experts.
“We, along with them, continue to work diligently to respond to and mitigate the impact of the incident, including the restoration of online ordering,” it said.
No group has publicly claimed responsibility for the hack.
Krispy Kreme is a major chain in the United States, with more than 1,400 stores worldwide.
It’s small in the UK, but its 120 locations make it the country’s largest specialty donut retailer.
Krispy Kreme said in its SEC filing that it has cybersecurity insurance, which it expects to “cover a portion of the costs.”
It said it expects the costs to stem from the loss of digital sales, fees for experts it has hired and maintenance of affected systems.
Cyber attacks have caused severe disruption this year, with critical infrastructure being damaged. Hospitals And Transportation systems.
“The proliferation of cyberattacks in 2024 shows that hackers are ready to target anything and everything,” said Spencer Starkey from cyber security firm SonicWall.
“It’s critical that every business has a robust roadmap that can be deployed if an attack occurs,” he added.
However, social media is taking the incident a little less seriously.
“Anyone who messes with Krispy Kreme should go to jail for life,” one user on X joked.
“Cybercriminals, you’ve gone too far this time,” posted another.