
Krispy Kreme hit with a bellyache of a data breach


Pastry giant Krispy Kreme disclosed on Dec. 11 that it suffered a network data breach.

The doughnut icon and retail chain said that normal activity was not affected, but it still had to disclose the incident to the U.S. Securities and Exchange Commission (SEC) in a required filing.

“Krispy Kreme shops globally are open, and consumers are able to place orders in person, but the Company is experiencing certain operational disruptions, including with online ordering in parts of the United States,” the donut chain said in a filing meant to reassure everyone’s inner Homer Simpson.

“Daily fresh deliveries to our retail and restaurant partners are uninterrupted.”

Krispy Kreme did not give specifics on the nature of the breach, and it said that it is investigating the incident.

While a data breach at a donut shop may not seem like a big deal, there is some reason for consumers to be concerned about matters beyond their blood sugar. Krispy Kreme handles payment card information, and when it comes to donuts there are likely more than a few company cards on file in its databases.

“The Company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering, and has notified federal law enforcement,” Krispy Kreme told the SEC.

“As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known.”

The company did not give any word as to who hacked the site or what their motivations were, though we would suggest that anyone who sees fit to mess with Krispy Kreme donuts should win a free trip to Florence, Colorado.

On a more serious note, there is some good news. Bugcrowd CISO Trey Ford said there should not be a major risk of private information disclosure as the company did its due diligence in isolating payment card data.

“Thankfully, there appears to be some degree of system isolation between the online ordering platform and the store management platform,” said Ford.

“On the upside, customers can still visit brick-and-mortar stores to buy donuts and coffee — albeit with the inconvenience of waiting a few extra minutes.”

Krispy Kreme said that it already consulted a cybersecurity insurance provider and it does not expect the incident will impact its bottom line.

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.
