Doughnut chain Krispy Kreme says it suffered a cyberattack that disrupted its online systems.
The hack, which occurred in late November but was only recently disclosed, prevented some U.S customers from placing orders online.
Krispy Kreme disclosed the attack in a regulatory filing with the U.S. Securities and Exchange Commission (SEC) on Wednesday.
The company said the incident “is likely” to have a “significant impact” on the company’s business operations, but clarified that physical stores remain open.
A message on Krispy Kreme’s website said: “Due to a cybersecurity incident, some of our operations have been impacted, including online ordering in parts of the United States.
“We understand this is an inconvenience and we are working hard to resolve the issue.”
The company told the BBC in a statement that it took “immediate” steps to investigate and contain the incident and had engaged cybersecurity experts.
“We continue to work with them to respond to and mitigate the impact of this incident, including resuming online ordering,” the company said.
No group has publicly claimed responsibility for the hack.
Krispy Kreme is a large chain store in the United States with more than 1,400 stores worldwide.
In the UK it is smaller but with 120 stores it is the country’s largest specialist doughnut retailer.
Krispy Kreme said in its filing with the U.S. Securities and Exchange Commission that it has purchased cybersecurity insurance that it expects “to offset some of these costs”.
The company said it expects those costs to come from lost digital sales, the cost of hiring experts and the restoration of affected systems.
This year, cyberattacks have wreaked havoc, plaguing critical infrastructure such as hospitals and transportation systems.
Spencer Starkey of cybersecurity firm SonicWall said: “The surge in cyberattacks in 2024 shows that hackers are willing to attack anything.
He added: “It is critical that every business has a robust roadmap in place to deploy in the event of an attack.
However, social media did not take the incident seriously.
One user X joked: “Anyone who messes with Krispy Kreme should be sent to prison for life.
Another post read: “Cyber criminals, you have gone too far this time.
