---
title: "Threat actors target a popular donut company in the US! | Phish Protection"
description: "Donut lovers, this news may be a cause of concern for you all. The donut company Krispy Kreme faced a incident last month."
image: "https://phishprotection.com/og/blog/threat-actors-target-a-popular-donut-company-in-the-us.png"
canonical: "https://phishprotection.com/blog/threat-actors-target-a-popular-donut-company-in-the-us/"
---

Quick Answer

Donut lovers, this news may be a cause of concern for you all. The US-based donut company Krispy Kreme faced a cybersecurity incident last month. The attack on one of the world’s largest donut companies is a staggering reminder that threat actors are always on the move and are getting sophisticated, one attack at a time.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthreat-actors-target-a-popular-donut-company-in-the-us%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Threat%20actors%20target%20a%20popular%20donut%20company%20in%20the%20US!&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthreat-actors-target-a-popular-donut-company-in-the-us%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthreat-actors-target-a-popular-donut-company-in-the-us%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthreat-actors-target-a-popular-donut-company-in-the-us%2F&title=Threat%20actors%20target%20a%20popular%20donut%20company%20in%20the%20US! "Share on Reddit") [ ](mailto:?subject=Threat%20actors%20target%20a%20popular%20donut%20company%20in%20the%20US!&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fthreat-actors-target-a-popular-donut-company-in-the-us%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2024/12/anti-phishing-protection-7425.jpg) 

Donut lovers, this news may be a cause of concern for you all. The**US-based**donut company Krispy Kreme faced a[cybersecurity](/phishing/cybersecurity-emerging-threats-phishing-email-security-malware)incident last month. The attack on one of the world’s largest donut companies is a staggering reminder that threat actors are always on the move and are getting sophisticated, one attack at a time.

The cyberattack disrupted the Krispy Kreme’s online ordering system. Ever since the cyber incident has been in the news, the company has also experienced a reduction of 2% in its share values. As per the**Securities and Exchange Commission** [filing](https://www.sec.gov/Archives/edgar/data/1857154/000185715424000123/dnut-20241211.htm)by Krispy Kreme, there has been an ‘unauthorized activity on a portion of its information technology systems.’

Since then, it has been in constant touch with[cybersecurity experts](https://www.indeed.com/career-advice/finding-a-job/what-does-cyber-security-specialist-do)and is trying to minimize the impact of the threat attack. The federal law enforcement team has already been informed. Experts are working hard to put the online ordering system up and running. 

Krispy Kreme expects a ‘**material impact**’ on daily business operations.

Since online ordering has been stalled as of now, the donut company expects a loss in terms of reduced revenue through digital sales

. The good news is that Krispy Kreme is accepting in-person orders.

![Anti phishing protection](https://media.mailhop.org/phishprotection/images/2024/12/anti-phishing-protection-7425.jpg) 

As per the filings that the company made on**December 10**, Krispy Kreme was aware of the[cyberattack](https://www.darkreading.com/cyberattacks-data-breaches/krispy-kreme-doughnut-delivery-cooked-cyberattack)in November. The donut company took immediate action. 

Krispy Kreme has warned its customers about the**security breach**on its official website. The alert mentions the current operational disruptions around online ordering of donuts. Krispy Kreme has also mentioned that it is aware of the inconvenience its [loyal customers](https://www.indeed.com/career-advice/career-development/building-customer-loyalty) are going through and that it is trying its best to bring things back to normal.

The company has emphasized that they are cooperating with cybersecurity teams to “investigate, contain and remediate” the cyberattack

. It has requested customers to visit their nearest convenience or grocery stores to enjoy freshly made donuts.

Krispy Kreme has been tightlipped about whether or not the**customer data**has been compromised. However, consumer privacy experts believe that anyone who has ordered donuts from Krispy Kreme online should consider themselves exposed. They believe that such attacks do not only aim at disrupting day-to-day operations but also scrape off data. Cybersecurity investigations may take as long as 6 months to find out about such consumer[data breaches](/phishing/data-breaches-how-they-impact-small-businesses). 

At present, Krispy Kreme has over 400 outlets across the US. It has a total of[8,018](https://www.foodbusinessnews.net/articles/27377-krispy-kreme-targeted-in-cyberattack)points of access that includes 71 Fresh Shops, 236 Hot Light Theatre shops, and 7,711 Delivered Fresh Daily branded donut cabinets across quick service restaurants, convenience stores, drug stores and club stores. This American multinational donut company and coffeehouse chain has partnered with**McDonalds**in order to make its products easily accessible to its dedicated customer base.

As per the fiscal 2024 third quarter, Krispy Kreme’s US organic revenue growth is around 2.5%. The increase in \*\*digital channel \*\* revenue has been[21%](https://www.foodbusinessnews.net/articles/27377-krispy-kreme-targeted-in-cyberattack). This shows the significance of digital platforms for Krispy Kreme. This sudden cyber incident has put digital operations on a halt. 

So far, no threat groups have taken responsibility for the cyberattack. Experts and investigating teams are already looking into the matter to find out the real culprits. It is yet not clear if it was a[ransomware attack](https://www.voanews.com/a/ransomware-attacks-death-threats-endangered-patients-and-millions-of-dollars-in-damages/7520952.html). 

![Threat Intelligence](https://media.mailhop.org/phishprotection/images/2024/12/Threat-Intelligence.jpg) 

### **Cyber lessons that businesses must learn from Krispy Kreme attack!**

[Threat actors](/cybersecurity/cyber-disinformation-is-becoming-one-of-the-biggest-concerns-in-us-elections)are relentlessly targeting everything from critical infrastructures and**corporate sectors**to supply chain systems and everyday business operations. While cyberattacks were once confined to high-tech industries, today, no business is immune - even those with minimal reliance on complex[digital systems](https://www.geeksforgeeks.org/introduction-to-digital-systems/). \_ \_

For instance, incidents like the Krispy Kreme cyberattack underscore the devastating impact such threats can have, including chaos, poor customer experiences, severe financial losses, and operational disruptions

. Beyond these immediate consequences, attacks can erode customer trust and tarnish[brand reputations](https://influencity.com/blog/en/brand-reputation-definition).

Implementing robust[phishing protection](/)is crucial to safeguarding your business against these evolving threats. Phishing remains one of the most common and effective methods attackers use to breach systems, often serving as a gateway to more extensive cyberattacks . By investing in proactive measures like**phishing awareness training**,[secure email gateways](https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-email-security/what-is-a-secure-email-gateway-seg/), and advanced threat detection tools, businesses can significantly reduce the risk of falling victim to these malicious schemes.

The Krispy Kreme attack may look like a one-off incident.

However, these attacks generally serve as the entry point through which threat actors get access to data and critical systems, which they can further leverage to plan and execute future cyberattacks

.

Cybersecurity experts urge businesses and companies to adopt PAM or[Privileged Access Management systems](https://insider.govtech.com/california/news/l-a-superior-court-seeking-proposals-for-privileged-access-management)in order to restrain such unfortunate cyber incidents. PAM allows limited access to sensitive assets to important and essential members. Also, it offers consistent monitoring in order to track any kind of[suspicious activities](https://www.complianceweek.com/aml/fincen-bsa-data-fraud-money-laundering-top-suspicious-activities/34936.article).

Using a[multi-factor authentication](https://www.ibm.com/think/topics/multi-factor-authentication)system and maintaining a strong password management system can also help prevent similar kinds of cyberattacks. Regular \*\* security audits and employee training\*\* should also be mandatory if you wish to keep cyberattackers at arm’s length. 

The key is to understand that cybersecurity is no longer a[state-of-the-art](https://www.usatoday.com/story/news/nation/2024/12/15/drone-sightings-updates-mystery/77006999007/), fancy term. Rather, it is the need of the hour if you wish to enhance the operational resilience of your organization as well as retain your**brand’s goodwill and reputation**.

## Topics

[ Phishing Awareness ](/tags/phishing-awareness/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 14m  12 Real-World Spear Phishing Examples And The Red Flags You Missed  Feb 4, 2026 ](/blog/12-real-world-spear-phishing-examples-and-the-red-flags-you-missed/)[  Foundational 2m  8 million Android users fell prey to SpyLoan malware on Google Play Store  Dec 5, 2024 ](/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/)[  Foundational 1m  A Big Part of the Phishing Problem is You  Sep 17, 2019 ](/blog/a-big-part-of-the-phishing-problem-is-you/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Threat actors target a popular donut company in the US!","description":"Donut lovers, this news may be a cause of concern for you all. The donut company Krispy Kreme faced a incident last month.","url":"https://phishprotection.com/blog/threat-actors-target-a-popular-donut-company-in-the-us/","datePublished":"2024-12-20T11:22:29.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2024-12-20T11:22:29.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/threat-actors-target-a-popular-donut-company-in-the-us/"},"articleSection":"foundational","keywords":"Phishing Awareness","wordCount":954,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2024/12/anti-phishing-protection-7425.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Threat actors target a popular donut company in the US!","item":"https://phishprotection.com/blog/threat-actors-target-a-popular-donut-company-in-the-us/"}]}
```