Krispy Kreme Inc. (NASDAQ: DNUT ) has been grappling with significant operational issues since it discovered a cybersecurity breach on Nov. 29 that knocked out its online ordering systems. While its 400 U.S. locations continue to operate for in-store purchases, the breach caused ongoing disruptions in digital sales, which account for 15.5% of the company’s revenue.
The donut and coffee chain, which also partners with grocery stores and about 2,000 McDonald’s locations, assured customers that delivery services would not be affected. However, according to an SEC filing, the company expects a “material impact” on its financials due to lost revenue from digital sales, system recovery costs and cybersecurity consulting fees. Despite these challenges, Krispy Kreme expressed optimism, citing cybersecurity insurance coverage to offset some of the costs.
Shares of Krispy Kreme fell 2% after news of the breach and are down 30% year to date, reflecting broader pressures on the business. While the cyber attack has compounded recent struggles, the company remains focused on growth initiatives, including a partnership with McDonald’s and an agreement to sell a majority stake in Insomnia Cookies to private equity firms.
The attack highlights the growing threat of cybercrime, which continues to disrupt business across sectors. According to Kiteworks’ 2024 Industry Risk Score Report, more than 3,200 data breaches in the US alone affected more than 353 million people in 2024.
Sectors ranging from healthcare and finance to retail and food services have experienced cyberattacks, demonstrating the pervasiveness of this risk. High-profile incidents include ransomware attacks on hospital networks, financial services breaches and service outages at technology companies.