Krispy Kreme Data Breach Affects Consumer Info

Krispy Kreme Doughnut Corporation experienced a cybersecurity attack that impacted it's online ordering system, which remained disrupted for several days. The data breach was discovered on November 29, 2024.

According to news reports, it took approximately one month to resolve the system error disruption due to unauthorized activity. An investigation was launched and on May 22, 2025 it was determined that customer personal information may have been compromised.

Exposed customer information may include name, phone number, email address, and payment information.

Krispy Kreme filed a cybersecurity incident report with the SEC on December 11, 2024. The data breach was disclosed to the Vermont and Massachusetts Attorney Generals' offices on June 17, 2025.

Krispy Kreme's response

Krispy Kreme initiated an investigation and notified law enforcement. Affected individuals were notified.

If you have received a data breach notification from Krispy Kreme, you may want to:

• Sign up for the Kroll identity monitoring services offered, paid for by Krispy Kreme.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

To learn more about the company, visit the Krispy Kreme website.