Krispy Kreme Inc.: Krispy Kreme $1.6 Million Data Breach Deal Gets First Court Nod

Krispy Kreme Settles $1.6M Class Action Over 2024 Employee Data Breach

Krispy Kreme Inc. has agreed to pay $1.6 million to resolve a proposed class action lawsuit alleging the company failed to adequately protect the personal data of nearly 162,000 employees exposed in a 2024 breach. The settlement received preliminary approval from the U.S. District Court for the Western District of North Carolina.

Under the terms of the deal, affected employees defined as class members may claim up to $3,500 in reimbursement for documented losses tied to the breach or opt for a $75 cash payment. The incident underscores the financial and reputational risks companies face when employee data is compromised due to insufficient security measures.

The breach highlights ongoing vulnerabilities in corporate data protection, particularly for large employers handling sensitive workforce information. The settlement reflects a growing trend of legal and financial consequences for organizations following cybersecurity failures.

Source: https://news.bloomberglaw.com/litigation/krispy-kreme-1-6-million-data-breach-deal-gets-first-court-nod

Krispy Kreme cybersecurity rating report: https://www.rankiteo.com/company/krispy-kreme

"id": "KRI1772821859",
"linkid": "krispy-kreme",
"type": "Breach",
"date": "1/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': '162,000 employees',
                        'industry': 'Food & Beverage',
                        'location': 'United States',
                        'name': 'Krispy Kreme Inc.',
                        'size': 'Large',
                        'type': 'Company'}],
 'data_breach': {'number_of_records_exposed': '162,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (employee data)',
                 'type_of_data_compromised': 'Personal data'},
 'date_publicly_disclosed': '2024',
 'description': 'Krispy Kreme Inc. has agreed to pay $1.6 million to resolve a '
                'proposed class action lawsuit alleging the company failed to '
                'adequately protect the personal data of nearly 162,000 '
                'employees exposed in a 2024 breach. The settlement received '
                'preliminary approval from the U.S. District Court for the '
                'Western District of North Carolina. Under the terms of the '
                'deal, affected employees defined as class members may claim '
                'up to $3,500 in reimbursement for documented losses tied to '
                'the breach or opt for a $75 cash payment.',
 'impact': {'brand_reputation_impact': 'Reputational risks',
            'data_compromised': 'Personal data of employees',
            'financial_loss': '$1,600,000',
            'legal_liabilities': 'Class action lawsuit'},
 'lessons_learned': 'Ongoing vulnerabilities in corporate data protection, '
                    'particularly for large employers handling sensitive '
                    'workforce information.',
 'post_incident_analysis': {'root_causes': 'Insufficient security measures'},
 'references': [{'source': 'U.S. District Court for the Western District of '
                           'North Carolina'}],
 'regulatory_compliance': {'legal_actions': 'Class action lawsuit'},
 'title': 'Krispy Kreme Settles $1.6M Class Action Over 2024 Employee Data '
          'Breach',
 'type': 'Data Breach'}