Company Details
krispy-kreme
10,045
130,022
722
krispykreme.com
0
KRI_2894119
In-progress

Krispy Kreme Company CyberSecurity Posture
krispykreme.com
Headquartered in Charlotte, N.C., Krispy Kreme is one of the most beloved and well-known sweet treat brands in the world. Our iconic Original Glazed® doughnut is universally recognized for its hot-off-the-line, melt-in-your-mouth experience. Krispy Kreme operates in more than 40 countries through its unique network of fresh doughnut shops, partnerships with leading retailers, and a rapidly growing digital business. Our purpose of touching and enhancing lives through the joy that is Krispy Kreme guides how we operate every day and is reflected in the love we have for our people, our communities, and the planet.
Between 550 and 599

Krispy Kreme Global Score (TPRM)XXXX

Description: Krispy Kreme Doughnut Corporation experienced a significant data breach in late November 2024, affecting thousands of current and former employees, along with their family members. The breach exposed highly sensitive personal information, including Social Security numbers, financial account information, biometric data, and medical information. The company has since implemented additional security measures and is offering complimentary credit monitoring and identity protection services to those affected.
Description: On **Black Friday 2024**, Krispy Kreme detected unauthorized network activity, marking the start of a **cyber-attack** that crippled its **online ordering system until December 30, 2024**. The incident led to **significant financial and operational disruptions**, including lost digital sales revenue, cybersecurity advisory fees, and system restoration costs, all of which materially impacted the company’s financial condition. Months later, in **May 2025**, Krispy Kreme disclosed that **nearly 62,000 individuals** had their **highly sensitive data stolen**, including **Social Security numbers, financial account details, passport numbers, and biometric data**. The breach exploited potential holiday-season vulnerabilities, such as understaffed security teams and relaxed IT monitoring. The prolonged investigation and recovery underscored the attack’s severity, with long-term reputational and financial repercussions for the company.
Description: Krispy Kreme, the U.S. doughnut chain, confirmed a cyberattack in November 2024 that resulted in the theft of personal information of over 160,000 individuals. The breach affected 161,676 individuals, exposing their social security numbers, financial account information, and driver's license information. The Play ransomware gang claimed responsibility for the attack, releasing hundreds of GBs of stolen documents on their dark web leak site after failed negotiations.


No incidents recorded for Krispy Kreme in 2025.
Krispy Kreme cyber incidents detection timeline including parent company and subsidiaries



Kash Patel invested up to $50000 in Krispy Kreme as the FBI investigates a breach affecting 160000 customers.
Everyone has a Krispy Kreme story, CISO and Senior Director, Infrastructure, Jerry Fowler says, adding that those stories are more than doughnut reviews.
Krispy Kreme is warning tens of thousands of Americans that they are now at risk of identity theft and fraud following a major cybersecurity...
Krispy Kreme has confirmed that over 160000 individuals were affected by a ransomware attack in late 2024, in which hackers accessed and...
PITTSBURGH, June 24, 2025 (GLOBE NEWSWIRE) -- Krispy Kreme Doughnut Corporation (“Krispy Kreme”) recently announced a cybersecurity incident...
In November 2024, Krispy Kreme experienced a cyber incident. As of recently, the organization has revealed that 161,676 people were impacted...
Krispy Kreme suffered a ransomware attack exposing sensitive employee data, with 184GB leaked online and costs surpassing $11M.
Krispy Kreme began sending out breach notification documents to thousands of victims this week after a cyberattack in November exposed troves of data.
A cautionary tale from the crypto world, but equally applicable to regular businesses and organizations. Security firm Huntress reports on a...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Krispy Kreme is http://www.krispykreme.com.
According to Rankiteo, Krispy Kreme’s AI-generated cybersecurity score is 562, reflecting their Very Poor security posture.
According to Rankiteo, Krispy Kreme currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Krispy Kreme is not certified under SOC 2 Type 1.
According to Rankiteo, Krispy Kreme does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Krispy Kreme is not listed as GDPR compliant.
According to Rankiteo, Krispy Kreme does not currently maintain PCI DSS compliance.
According to Rankiteo, Krispy Kreme is not compliant with HIPAA regulations.
According to Rankiteo, Krispy Kreme is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Krispy Kreme operates primarily in the Food and Beverage Services industry.
Krispy Kreme employs approximately 10,045 people worldwide.
Krispy Kreme presently has no subsidiaries across any sectors.
Krispy Kreme’s official LinkedIn profile has approximately 130,022 followers.
Krispy Kreme is classified under the NAICS code 722, which corresponds to Food Services and Drinking Places.
No, Krispy Kreme does not have a profile on Crunchbase.
Yes, Krispy Kreme maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/krispy-kreme.
As of November 27, 2025, Rankiteo reports that Krispy Kreme has experienced 3 cybersecurity incidents.
Krispy Kreme has an estimated 8,400 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Cyber Attack and Ransomware.
Total Financial Loss: The total financial loss from these incidents is estimated to be $0.
Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance (external cybersecurity experts; cybersecurity experts and advisors engaged), containment measures (took measures to contain the breach), an activated incident response plan (investigation initiated post-detection), remediation measures (complimentary credit monitoring and identity protection services, additional security measures to strengthen IT infrastructure, system restoration, ongoing investigation), recovery measures (online ordering system restored by December 30, 2024), and a communication strategy (breach notification letters, individual notice letters to affected individuals, a dedicated support line, an SEC filing on December 11, 2024, and customer notification in May 2025).
Title: Krispy Kreme Data Breach
Description: Krispy Kreme confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack.
Date Detected: 2024-11-29
Date Publicly Disclosed: 2024-12-11
Type: Data Breach, Ransomware
Threat Actor: Play Ransomware
Motivation: Financial Gain, Data Theft

Title: Krispy Kreme Data Security Incident
Description: Krispy Kreme Doughnut Corporation has confirmed a significant data security incident affecting thousands of current and former employees, along with their family members, following unauthorized access to company systems discovered in late November 2024.
Date Detected: 2024-11-29
Date Publicly Disclosed: 2025-05-22
Type: Data Breach
Attack Vector: Unauthorized Access
Threat Actor: Cybercriminals

Title: Krispy Kreme Black Friday 2024 Cyberattack and Data Breach
Description: On Black Friday 2024, Krispy Kreme detected unauthorized activity on its network, leading to a cyberattack that disrupted its online ordering system until December 30, 2024. The incident resulted in the theft of sensitive personal data of nearly 62,000 individuals, including Social Security numbers, financial account information, passport numbers, and biometric data. The attack was disclosed in an SEC filing on December 11, 2024, with expected material financial and operational impacts. The company continued its investigation into 2025, confirming the data breach in May 2025.
Date Detected: 2024-11-29
Date Publicly Disclosed: 2024-12-11
Date Resolved: 2024-12-30
Type: cyberattack
Motivation: financial gain, data theft
Common Attack Types: The most common type of attack the company has faced is Breach.

Data Compromised: Social security numbers, Financial account information, Driver's license information, Client documents, Budget, Payroll, Accounting, Contracts, Taxes, IDs, Finance information
Systems Affected: IT Systems
Operational Impact: Disruptions to Online Ordering
Identity Theft Risk: High
Payment Information Risk: High

Data Compromised: Social security numbers, Dates of birth, Driver’s license numbers, Financial account information, Credit and debit card details with security codes, Passport numbers, Usernames and passwords for financial accounts, Biometric data, Medical and health insurance information, U.S. military ID numbers, Immigration-related documentation, Digital signatures, Email credentials
Identity Theft Risk: High
Payment Information Risk: High

Financial Loss: material impact (revenue loss from digital sales, cybersecurity expert fees, system restoration costs)
Data Compromised: Social security numbers, Financial account information, Passport numbers, Biometric data, Personally identifiable information
Systems Affected: online ordering system
Downtime: 31 days (November 29, 2024 – December 30, 2024)
Operational Impact: online ordering system offline, extended investigation period
Revenue Loss: loss of digital sales during peak holiday season
Brand Reputation Impact: high (public disclosure of sensitive data breach)
Identity Theft Risk: high (SSNs, financial data, biometric data exposed)
Payment Information Risk: high (financial account information compromised)
Average Financial Loss: The average financial loss per incident is $0.00.
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security Numbers, Financial Account Information, Driver's License Information, Client Documents, Budget, Payroll, Accounting, Contracts, Taxes, IDs, Finance Information; Social Security Numbers, Dates of Birth, Driver’s License Numbers, Financial Account Information, Credit and Debit Card Details with Security Codes, Passport Numbers, Usernames and Passwords for Financial Accounts, Biometric Data, Medical and Health Insurance Information, U.S. Military ID Numbers, Immigration-Related Documentation, Digital Signatures, Email Credentials; and Personally Identifiable Information (PII), Financial Data, Biometric Data, Government-Issued IDs (SSNs, Passports).

Entity Name: Krispy Kreme
Entity Type: Multinational Coffeehouse Chain
Industry: Food and Beverage
Location: Global
Size: 22,800 Employees
Customers Affected: 161676

Entity Name: Krispy Kreme Doughnut Corporation
Entity Type: Corporation
Industry: Food and Beverage
Customers Affected: Thousands of current and former employees, along with their family members

Entity Name: Krispy Kreme
Entity Type: public company
Industry: food and beverage (donut retail)
Location: United States (global operations)
Customers Affected: 62,000 individuals

Third Party Assistance: External Cybersecurity Experts
Containment Measures: Took Measures to Contain the Breach
Communication Strategy: Breach Notification Letters

Incident Response Plan Activated: Yes
Third Party Assistance: Yes
Remediation Measures: Complimentary credit monitoring and identity protection services, Additional security measures to strengthen IT infrastructure
Communication Strategy: Individual notice letters to affected individuals, Dedicated support line

Incident Response Plan Activated: yes (investigation initiated post-detection)
Third Party Assistance: yes (cybersecurity experts and advisors engaged)
Remediation Measures: system restoration, ongoing investigation
Recovery Measures: online ordering system restored by December 30, 2024
Communication Strategy: SEC filing (December 11, 2024), customer notification (May 2025)
Incident Response Plan: The company's incident response plan is described as Yes.
Third-Party Assistance: The company involves third-party assistance in incident response through External Cybersecurity Experts, Yes.

Type of Data Compromised: Social security numbers, Financial account information, Driver's license information, Client documents, Budget, Payroll, Accounting, Contracts, Taxes, IDs, Finance information
Number of Records Exposed: 161676
Sensitivity of Data: High

Type of Data Compromised: Social security numbers, Dates of birth, Driver’s license numbers, Financial account information, Credit and debit card details with security codes, Passport numbers, Usernames and passwords for financial accounts, Biometric data, Medical and health insurance information, U.S. military ID numbers, Immigration-related documentation, Digital signatures, Email credentials
Number of Records Exposed: Thousands
Sensitivity of Data: High
Personally Identifiable Information: Yes

Type of Data Compromised: Personally identifiable information (PII), Financial data, Biometric data, Government-issued IDs (SSNs, passports)
Number of Records Exposed: 62,000
Sensitivity of Data: high
Data Exfiltration: yes
Personally Identifiable Information: yes
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Complimentary credit monitoring and identity protection services, Additional security measures to strengthen IT infrastructure, system restoration, ongoing investigation.
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through measures taken to contain the breach.

Data Exfiltration: yes
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through online ordering system restored by December 30, 2024.

Regulatory Notifications: Maine's Office of the Attorney General, Massachusetts' Attorney General, SEC

Regulatory Notifications: SEC filing (December 11, 2024)

Lessons Learned: Hackers exploit holiday periods when security teams may be understaffed or monitoring relaxed. Proactive security measures, employee training, and incident response preparedness are critical during high-risk periods like Black Friday.

Recommendations: Stay vigilant by closely monitoring financial accounts, statements, and credit reports for suspicious activity or unauthorized charges; Regular review of personal financial information to detect potential identity theft early.

Recommendations: Verify payment details independently to prevent wire transfer fraud, especially during holidays. Ensure compliance with state privacy laws (e.g., Oregon Consumer Privacy Act) to avoid fines. Strengthen cybersecurity defenses ahead of high-risk periods (e.g., holidays). Review and test incident response plans regularly. Monitor for unauthorized activity with heightened vigilance during peak seasons.
Key Lessons Learned: The key lessons learned from past incidents are: Hackers exploit holiday periods when security teams may be understaffed or monitoring relaxed. Proactive security measures, employee training, and incident response preparedness are critical during high-risk periods like Black Friday.

Source: BleepingComputer

Source: Krispy Kreme Doughnut Corporation

Source: Krispy Kreme SEC Filing (December 11, 2024)

Source: Krispy Kreme Customer Notification (May 2025)
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at BleepingComputer, Krispy Kreme Doughnut Corporation, Krispy Kreme SEC Filing (December 11, 2024), and Krispy Kreme Customer Notification (May 2025).

Investigation Status: Completed

Investigation Status: completed (as of May 2025 notification)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Breach Notification Letters, Individual Notice Letters To Affected Individuals, Dedicated Support Line, SEC filing (December 11, 2024) and customer notification (May 2025).

Customer Advisories: yes (notified 62,000 affected individuals in May 2025)
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: yes (notified 62,000 affected individuals in May 2025).

High Value Targets: Customer PII, Financial Data
Data Sold on Dark Web: Customer PII, Financial Data

Corrective Actions: Implemented Additional Security Measures to Strengthen IT Infrastructure

Root Causes: Potential Understaffing During Holidays, Relaxed IT Monitoring, Exploitation of Peak Transaction Periods
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as External Cybersecurity Experts.
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implemented Additional Security Measures to Strengthen IT Infrastructure.
Last Attacking Group: The attacking groups in the last incident were Play Ransomware and Cybercriminals.
Most Recent Incident Detected: The most recent incident detected was on 2024-11-29.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-12-11.
Most Recent Incident Resolved: The most recent incident resolved was on 2024-12-30.
Highest Financial Loss: The highest financial loss from an incident was material impact (revenue loss from digital sales, cybersecurity expert fees, system restoration costs).
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security Numbers, Financial Account Information, Driver's License Information, Client Documents, Budget, Payroll, Accounting, Contracts, Taxes, IDs, Finance Information; Social Security numbers, dates of birth, driver’s license numbers, financial account information, credit and debit card details with security codes, passport numbers, usernames and passwords for financial accounts, biometric data, medical and health insurance information, U.S. military ID numbers, immigration-related documentation, digital signatures, email credentials; and Social Security numbers, financial account information, passport numbers, biometric data, personally identifiable information.
Most Significant System Affected: The most significant system affected in an incident was online ordering system.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was External Cybersecurity Experts.
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: Took Measures to Contain the Breach.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Accounting, usernames and passwords for financial accounts, financial account information, Financial Account Information, Payroll, Social Security numbers, Driver's License Information, email credentials, immigration-related documentation, Contracts, personally identifiable information, Social Security Numbers, dates of birth, digital signatures, IDs, medical and health insurance information, U.S. military ID numbers, Taxes, Finance Information, passport numbers, biometric data, driver’s license numbers, Client Documents, credit and debit card details with security codes and Budget.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 738.2K.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was: Hackers exploit holiday periods when security teams may be understaffed or monitoring relaxed. Proactive security measures, employee training, and incident response preparedness are critical during high-risk periods like Black Friday.
Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Ensure compliance with state privacy laws (e.g., Oregon Consumer Privacy Act) to avoid fines; Monitor for unauthorized activity with heightened vigilance during peak seasons; Verify payment details independently to prevent wire transfer fraud, especially during holidays; Stay vigilant by closely monitoring financial accounts, statements, and credit reports for suspicious activity or unauthorized charges; Review and test incident response plans regularly; Strengthen cybersecurity defenses ahead of high-risk periods (e.g., holidays); and Regular review of personal financial information to detect potential identity theft early.
Most Recent Source: The most recent sources of information about an incident are Krispy Kreme SEC Filing (December 11, 2024), BleepingComputer, Krispy Kreme Doughnut Corporation and Krispy Kreme Customer Notification (May 2025).
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed.
Most Recent Customer Advisory: The most recent customer advisory issued was: yes (notified 62,000 affected individuals in May 2025).
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular's HTTP client. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL is protocol-relative (starts with //), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
