Krispy Kreme Doughnut Corporation experienced a significant data breach in late November 2024, affecting thousands of current and former employees, along with their family members. The breach exposed highly sensitive personal information, including Social Security numbers, financial account information, biometric data, and medical information. The company has since implemented additional security measures and is offering complimentary credit monitoring and identity protection services to those affected.
Source: https://cybersecuritynews.com/krispy-kreme-confirms-data-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/krispy-kreme
"id": "kri606061925",
"linkid": "krispy-kreme",
"type": "Breach",
"date": "6/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Thousands of current and former '
'employees, along with their '
'family members',
'industry': 'Food and Beverage',
'name': 'Krispy Kreme Doughnut Corporation',
'type': 'Corporation'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'number_of_records_exposed': 'Thousands',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security numbers',
'dates of birth',
'driver’s license numbers',
'financial account information',
'credit and debit card details '
'with security codes',
'passport numbers',
'usernames and passwords for '
'financial accounts',
'biometric data',
'medical and health insurance '
'information',
'U.S. military ID numbers',
'immigration-related '
'documentation',
'digital signatures',
'email credentials']},
'date_detected': '2024-11-29',
'date_publicly_disclosed': '2025-05-22',
'description': 'Krispy Kreme Doughnut Corporation has confirmed a significant '
'data security incident affecting thousands of current and '
'former employees, along with their family members, following '
'unauthorized access to company systems discovered in late '
'November 2024.',
'impact': {'data_compromised': ['Social Security numbers',
'dates of birth',
'driver’s license numbers',
'financial account information',
'credit and debit card details with security '
'codes',
'passport numbers',
'usernames and passwords for financial '
'accounts',
'biometric data',
'medical and health insurance information',
'U.S. military ID numbers',
'immigration-related documentation',
'digital signatures',
'email credentials'],
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': ['Implemented additional '
'security measures to '
'strengthen IT '
'infrastructure']},
'recommendations': ['Stay vigilant by closely monitoring financial accounts, '
'statements, and credit reports for suspicious activity '
'or unauthorized charges',
'Regular review of personal financial information to '
'detect potential identity theft early'],
'references': [{'source': 'Krispy Kreme Doughnut Corporation'}],
'response': {'communication_strategy': ['Individual notice letters to '
'affected individuals',
'Dedicated support line'],
'incident_response_plan_activated': 'Yes',
'remediation_measures': ['Complimentary credit monitoring and '
'identity protection services',
'Additional security measures to '
'strengthen IT infrastructure'],
'third_party_assistance': 'Yes'},
'threat_actor': 'Cybercriminals',
'title': 'Krispy Kreme Data Security Incident',
'type': 'Data Breach'}