Krispy Kreme Settles $1.6M Lawsuit After 2024 Data Breach Exposing Customer Financial Data
Krispy Kreme has agreed to a $1.6 million settlement following a 2024 cyberattack that compromised customers’ sensitive data, including Social Security numbers and bank account details. The breach, which exposed names, dates of birth, and financial account information, led to a class-action lawsuit alleging inadequate data protection.
Affected customers who suffered fraud or financial losses may qualify for payouts of up to $3,500, while those without direct losses could receive $75. The settlement also includes a year of free credit monitoring and identity theft protection. Claims must be submitted by June 22, with documentation required for fraud-related compensation.
As part of the agreement, Krispy Kreme has committed to strengthening its cybersecurity measures, though the company denies any wrongdoing. The final approval hearing is set for July 6. The doughnut chain, founded in 1937 and headquartered in North Carolina, operates over 340 U.S. locations, including 41 in California.
Customers were notified of the breach and settlement, with officials cautioning against submitting claims without meeting eligibility requirements. The incident follows a similar $7.4 million settlement by Trader Joe’s last month over exposed credit card data on receipts.
Krispy Kreme cybersecurity rating report: https://www.rankiteo.com/company/krispy-kreme
"id": "KRI1779892471",
"linkid": "krispy-kreme",
"type": "Breach",
"date": "1/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Customers with exposed data',
'industry': 'Food & Beverage',
'location': 'North Carolina, USA',
'name': 'Krispy Kreme',
'size': '340+ U.S. locations',
'type': 'Corporation'}],
'customer_advisories': 'Customers notified of breach and settlement; '
'cautioned against submitting claims without '
'eligibility',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security numbers',
'Bank account details',
'Names',
'Dates of birth',
'Financial account information']},
'date_publicly_disclosed': '2024',
'description': 'Krispy Kreme has agreed to a $1.6 million settlement '
'following a 2024 cyberattack that compromised customers’ '
'sensitive data, including Social Security numbers and bank '
'account details. The breach exposed names, dates of birth, '
'and financial account information, leading to a class-action '
'lawsuit alleging inadequate data protection.',
'impact': {'brand_reputation_impact': 'Yes',
'data_compromised': 'Names, dates of birth, Social Security '
'numbers, bank account details, financial '
'account information',
'financial_loss': '$1.6 million settlement',
'identity_theft_risk': 'Yes',
'legal_liabilities': 'Class-action lawsuit',
'payment_information_risk': 'Yes'},
'post_incident_analysis': {'corrective_actions': 'Strengthened cybersecurity '
'measures'},
'recommendations': 'Strengthen cybersecurity measures, provide credit '
'monitoring and identity theft protection',
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit'},
'response': {'communication_strategy': 'Customer notifications and settlement '
'advisories',
'remediation_measures': 'Strengthened cybersecurity measures'},
'title': 'Krispy Kreme Data Breach Settlement',
'type': 'Data Breach'}