Popular U.S.-based doughnut chain Krispy Kreme has confirmed that a cyberattack last year compromised the personal data of more than 160,000 individuals.
According to a notification filed with the Maine Attorney General’s Office, the company stated that the breach took place in late November 2024. However, affected individuals were informed only in May 2025, after the company completed its internal investigation.
In letters sent to those impacted, Krispy Kreme explained that while they currently have no evidence of misuse, sensitive data may have been accessed during the breach. The company has not publicly confirmed all the types of information that were exposed, but a separate disclosure in Massachusetts revealed that documents containing Social Security numbers, banking details, and driver’s license information were among those compromised.
Further updates posted on Krispy Kreme’s official website in June added that other personal records may have also been involved. These include medical and health data, credit card numbers, passport details, digital signatures, and even login credentials for financial and email accounts. The extent of exposure varied depending on the individual.
The breach first came to light on November 29, 2024, when Krispy Kreme discovered unusual activity on its internal systems. The incident disrupted its online ordering services and was reported in a regulatory filing on December 11. To manage the situation, the company brought in ind
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.