Krispy Kreme Confirms Data Breach – Personal Information Stolen By Attackers

Krispy Kreme Doughnut Corporation has confirmed a significant data security incident affecting thousands of current and former employees, along with their family members, following unauthorized access to company systems discovered in late November 2024.

The popular doughnut chain became aware of suspicious activity on November 29, 2024, when cybercriminals gained unauthorized access to portions of its information technology infrastructure.

The company immediately launched an investigation with leading cybersecurity experts to contain and remediate the breach.

Personal Data Compromised

After a comprehensive six-month investigation concluded on May 22, 2025, Krispy Kreme determined that attackers accessed a wide range of sensitive personal information.

The compromised data varies by individual but includes highly sensitive details such as Social Security numbers, dates of birth, driver’s license numbers, financial account information, credit and debit card details with security codes, and passport numbers.

Additional compromised information also includes usernames and passwords for financial accounts, biometric data, medical and health insurance information, U.S. military ID numbers, and immigration-related documentation, such as USCIS or Alien Registration Numbers.

The breach also affected digital signatures and email credentials, creating potential risks for identity theft and financial fraud.

Krispy Kreme emphasized that the vast majority of affected individuals are current employees, former employees, and their family members.

The company stated there is currently no evidence that the stolen information has been misused, and no reports of identity theft or fraud directly linked to this incident have been identified.

To protect affected individuals, Krispy Kreme is providing complimentary credit monitoring and identity protection services. Enrollment details are being sent directly to those impacted through individual notice letters.

Following the incident, Krispy Kreme implemented additional security measures to strengthen its IT infrastructure and prevent future breaches. The company continues working to enhance system security and protect customer and employee data.

The corporation strongly advises all affected individuals to remain vigilant by closely monitoring financial accounts, statements, and credit reports for suspicious activity or unauthorized charges.

Regular review of personal financial information can help detect potential identity theft early. Individuals with questions about the data breach can contact Krispy Kreme’s dedicated support line at (866) 461-2984, available Monday through Friday from 8:00 AM to 5:30 PM Central Time, excluding major US holidays.

Live Credential Theft Attack Unmask & Instant Defense – Free Webinar

The post Krispy Kreme Confirms Data Breach – Personal Information Stolen by Attackers appeared first on Cyber Security News.