Krispy Kreme
Company Details
Linkedin ID:
krispy-kreme
Website:
Employees number:
10,305
Number of followers:
131,591
NAICS:
722
Industry Type:
Homepage:
krispykreme.com
IP Addresses:
0
Company ID:
KRI_2894119
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Krispy Kreme Vendor Cyber Rating & Cyber Score
krispykreme.comHeadquartered in Charlotte, N.C., Krispy Kreme is one of the most beloved and well-known sweet treat brands in the world. Our iconic Original Glazed® doughnut is universally recognized for its hot-off-the-line, melt-in-your-mouth experience. Krispy Kreme operates in more than 40 countries through its unique network of fresh doughnut shops, partnerships with leading retailers, and a rapidly growing digital business. Our purpose of touching and enhancing lives through the joy that is Krispy Kreme guides how we operate every day and is reflected in the love we have for our people, our communities, and the planet.
Krispy Kreme A.I CyberSecurity Scoring
Krispy Kreme Risk Score (AI oriented)Between 0 and 549
Krispy Kreme
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Krispy Kreme Global Score (TPRM)XXXX
Krispy Kreme
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Krispy Kreme Company CyberSecurity News & History
Past Incidents
4
Attack Types
3
Krispy Kreme: FBI Aware of 900 Organizations Hit by Play Ransomware
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Play Ransomware Gang Hits 900 Victims in Three-Year Spree, Governments Warn The Play ransomware gang, also known as Playcrypt, has compromised approximately 900 organizations since its emergence in June 2022, according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Australian Cyber Security Centre (ACSC). The group employs double-extortion tactics, encrypting systems while also exfiltrating sensitive data to pressure victims into paying ransoms. Initially reported to have targeted around 300 victims by October 2023, Play has since escalated its operations, becoming one of the most active ransomware groups in 2024. The latest advisory, released in May 2025, highlights new tactics, techniques, and procedures (TTPs) observed in recent attacks, including the exploitation of three critical vulnerabilities in the SimpleHelp remote monitoring and management (RMM) software. Tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726, these flaws can be chained to gain administrator privileges and execute arbitrary code, fully compromising vulnerable systems. Play’s operators evade detection by recompiling the ransomware for each attack, tailoring it to specific targets. Victims are contacted via unique email addresses (using @gmx.de or @web[.]de domains) or phone calls, with threat actors often routing extortion demands to publicly listed numbers, such as help desks or customer service lines. The advisory also warns of an ESXi variant of the ransomware, which shuts down virtual machines (VMs) and encrypts related files using randomly generated per-file keys. Like the Windows variant, the ESXi version is recompiled for each campaign and includes command-line flags for targeted encryption or debugging. The joint advisory underscores Play’s growing threat as the group continues to refine its methods and expand its victim count.
Krispy Kreme
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: On Black Friday 2024, Krispy Kreme detected unauthorized network activity, marking the start of a cyber-attack that crippled its online ordering system until December 30, 2024. The incident led to significant financial and operational disruptions, including lost digital sales revenue, cybersecurity advisory fees, and system restoration costs, all of which materially impacted the company’s financial condition. Months later, in May 2025, Krispy Kreme disclosed that nearly 62,000 individuals had their highly sensitive data stolen, including Social Security numbers, financial account details, passport numbers, and biometric data. The breach exploited potential holiday-season vulnerabilities, such as understaffed security teams and relaxed IT monitoring. The prolonged investigation and recovery underscored the attack’s severity, with long-term reputational and financial repercussions for the company.
Krispy Kreme Doughnut Corporation
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Krispy Kreme Doughnut Corporation experienced a significant data breach in late November 2024, affecting thousands of current and former employees, along with their family members. The breach exposed highly sensitive personal information, including Social Security numbers, financial account information, biometric data, and medical information. The company has since implemented additional security measures and is offering complimentary credit monitoring and identity protection services to those affected.
Krispy Kreme Inc.: Krispy Kreme $1.6 Million Data Breach Deal Gets First Court Nod
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Krispy Kreme Settles $1.6M Class Action Over 2024 Employee Data Breach Krispy Kreme Inc. has agreed to pay $1.6 million to resolve a proposed class action lawsuit alleging the company failed to adequately protect the personal data of nearly 162,000 employees exposed in a 2024 breach. The settlement received preliminary approval from the U.S. District Court for the Western District of North Carolina. Under the terms of the deal, affected employees defined as class members may claim up to $3,500 in reimbursement for documented losses tied to the breach or opt for a $75 cash payment. The incident underscores the financial and reputational risks companies face when employee data is compromised due to insufficient security measures. The breach highlights ongoing vulnerabilities in corporate data protection, particularly for large employers handling sensitive workforce information. The settlement reflects a growing trend of legal and financial consequences for organizations following cybersecurity failures.
Krispy Kreme Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Krispy Kreme
Incidents vs Food and Beverage Services Industry Average (This Year)
No incidents recorded for Krispy Kreme in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Krispy Kreme in 2026.
Incident Types Krispy Kreme vs Food and Beverage Services Industry Avg (This Year)
No incidents recorded for Krispy Kreme in 2026.
Incident History — Krispy Kreme (X = Date, Y = Severity)
Krispy Kreme cyber incidents detection timeline including parent company and subsidiaries
Krispy Kreme Company Subsidiaries
Headquartered in Charlotte, N.C., Krispy Kreme is one of the most beloved and well-known sweet treat brands in the world. Our iconic Original Glazed® doughnut is universally recognized for its hot-off-the-line, melt-in-your-mouth experience. Krispy Kreme operates in more than 40 countries through its unique network of fresh doughnut shops, partnerships with leading retailers, and a rapidly growing digital business. Our purpose of touching and enhancing lives through the joy that is Krispy Kreme guides how we operate every day and is reflected in the love we have for our people, our communities, and the planet.
Loading...
Krispy Kreme Similar Companies
The Kraft Heinz Company is one of the largest food and beverage companies in the world, with eight $1 billion+ brands and global sales of approximately $25 billion. We’re a globally trusted producer of high-quality, great-tasting, and nutritious foods for over 150 years. While Kraft Heinz is co-head
Compass Group is a global leader in food services operating in over 25 countries with around 590,000 employees worldwide and generating underlying revenues of over $46 billion for the 2025 fiscal year. Our vision is to be a world-class provider of contract food services and support services, renowne
Nestlé Nespresso SA
Coffee is at the heart of everything we do, and consumer satisfaction is why we do it. Our story started with one simple idea: everyone should be able to make the perfect cup of coffee at home. Something we still believe today, which is why we think delivering the highest quality coffee, sip after
Compass Group USA
Compass Group is redefining the food and facility services landscape with innovation and passion through the lens of what’s next. Serving premier healthcare systems, respected educational institutions, world-renowned cultural centers, popular sporting and entertainment venues, and Fortune 500 organi
US Foods
US Foods is one of America’s great food companies and a leading foodservice distributor, partnering with approximately 300,000 restaurants and foodservice operators to help their businesses succeed. With 28,000 associates and more than 70 locations, US Foods provides its customers with a broad and
Sysco is the global leader in selling, marketing and distributing food and related products to customers who prepare meals away from home. This includes restaurants, healthcare and educational facilities, lodging establishments, entertainment venues, and more. Sysco operates almost 340 distribution
Arca Continental
Arca Continental produces, distributes and sells non-alcoholic beverages under The Coca-Cola Company brand, as well as snacks under the brands of Bokados in Mexico, Inalecsa in Ecuador and Wise in the US. With an outstanding history spanning more than 98 years, Arca Continental is the second-larges
PepsiCo is a playground for curious people. We invite thinkers, doers, and changemakers to champion innovation, take calculated risks, and challenge the status quo. From executives to team members on the front lines, we’re excited about the future. We take chances. Together, we dare to make the worl
The HEINEKEN Company
HEINEKEN - the world's most international brewer. It is the leading developer and marketer of premium beer and cider brands. Led by the Heineken® brand, the Group has a portfolio of more than 500 international, regional, local, and speciality beers and ciders. We are committed to innovation, long-te
.png)
Krispy Kreme CyberSecurity News
January 30, 2026 08:00 AM
Panera, Krispy Kreme contend with security breach lawsuits as data breaches are on the rise
Panera confirmed its second data security incident in two years, while Krispy Kreme agreed to pay a $1.6 million settlement after a 2024...
January 28, 2026 08:00 AM
Krispy Kreme to Pay $1.6 Million to Settle Data Breach Lawsuit
Krispy Kreme Inc. will pay $1616760 to settle a proposed class action alleging it negligently failed to protect the personal information of...
September 03, 2025 07:00 AM
FBI Director bought Krispy Kreme shares while it faces an FBI probe
Kash Patel invested up to $50000 in Krispy Kreme as the FBI investigates a breach affecting 160000 customers.
July 29, 2025 06:31 PM
Securing the Sweet Treats
Everyone has a Krispy Kreme story, CISO and Senior Director, Infrastructure, Jerry Fowler says, adding that those stories are more than doughnut reviews.
June 28, 2025 07:00 AM
Krispy Kreme sees lawsuits mount after data breach impacting over 160,000 people
The doughnut company already is dealing with lawsuits stemming from the abrupt end to a deal with McDonald's.
June 23, 2025 07:00 AM
New Details Emerge on Krispy Kreme’s 2024 Data Breach
Krispy Kreme has released a detailed update on the ransomware attack that targeted its systems in November 2024, confirming that the breach...
June 23, 2025 07:00 AM
Krispy Kreme Doughnut Corporation Under Investigation for Data Breach of Over 160,000 Employee Records
We are investigating a data breach impacting the sensitive personal and health information of 161676 current and former employees of Krispy...
June 20, 2025 07:00 AM
Krispy Kreme: Over 160,000 people had data stolen during November 2024 cyberattack
Krispy Kreme began sending out breach notification documents to thousands of victims this week after a cyberattack in November exposed troves of data.
June 20, 2025 07:00 AM
Cyber Security Headlines Week in Review: ClickFake deepfake scam, Krispy Kreme breach, NIST ZTA guidance
A cautionary tale from the crypto world, but equally applicable to regular businesses and organizations. Security firm Huntress reports on a...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Krispy Kreme CyberSecurity History Information
Official Website of Krispy Kreme
The official website of Krispy Kreme is http://www.krispykreme.com.
Krispy Kreme’s AI-Generated Cybersecurity Score
According to Rankiteo, Krispy Kreme’s AI-generated cybersecurity score is 506, reflecting their Critical security posture.
How many security badges does Krispy Kreme’ have ?
According to Rankiteo, Krispy Kreme currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Krispy Kreme been affected by any supply chain cyber incidents ?
According to Rankiteo, Krispy Kreme has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Krispy Kreme have SOC 2 Type 1 certification ?
According to Rankiteo, Krispy Kreme is not certified under SOC 2 Type 1.
Does Krispy Kreme have SOC 2 Type 2 certification ?
According to Rankiteo, Krispy Kreme does not hold a SOC 2 Type 2 certification.
Does Krispy Kreme comply with GDPR ?
According to Rankiteo, Krispy Kreme is not listed as GDPR compliant.
Does Krispy Kreme have PCI DSS certification ?
According to Rankiteo, Krispy Kreme does not currently maintain PCI DSS compliance.
Does Krispy Kreme comply with HIPAA ?
According to Rankiteo, Krispy Kreme is not compliant with HIPAA regulations.
Does Krispy Kreme have ISO 27001 certification ?
According to Rankiteo,Krispy Kreme is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Krispy Kreme
Krispy Kreme operates primarily in the Food and Beverage Services industry.
Number of Employees at Krispy Kreme
Krispy Kreme employs approximately 10,305 people worldwide.
Subsidiaries Owned by Krispy Kreme
Krispy Kreme presently has no subsidiaries across any sectors.
Krispy Kreme’s LinkedIn Followers
Krispy Kreme’s official LinkedIn profile has approximately 131,591 followers.
NAICS Classification of Krispy Kreme
Krispy Kreme is classified under the NAICS code 722, which corresponds to Food Services and Drinking Places.
Krispy Kreme’s Presence on Crunchbase
No, Krispy Kreme does not have a profile on Crunchbase.
Krispy Kreme’s Presence on LinkedIn
Yes, Krispy Kreme maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/krispy-kreme.
Cybersecurity Incidents Involving Krispy Kreme
As of April 04, 2026, Rankiteo reports that Krispy Kreme has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
Krispy Kreme has an estimated 8,655 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Krispy Kreme ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Cyber Attack and Breach.
What was the total financial impact of these incidents on Krispy Kreme ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $1.60 million.
How does Krispy Kreme detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and third party assistance with yes, and remediation measures with complimentary credit monitoring and identity protection services, remediation measures with additional security measures to strengthen it infrastructure, and communication strategy with individual notice letters to affected individuals, communication strategy with dedicated support line, and incident response plan activated with yes (investigation initiated post-detection), and third party assistance with yes (cybersecurity experts and advisors engaged), and remediation measures with system restoration, ongoing investigation, and recovery measures with online ordering system restored by december 30, 2024, and communication strategy with sec filing (december 11, 2024), customer notification (may 2025), and communication strategy with victims contacted via unique @gmx.de or @web.de emails, and some via phone for extortion..
Incident Details
Can you provide details on each incident ?
Title: Krispy Kreme Data Security Incident
Description: Krispy Kreme Doughnut Corporation has confirmed a significant data security incident affecting thousands of current and former employees, along with their family members, following unauthorized access to company systems discovered in late November 2024.
Date Detected: 2024-11-29
Date Publicly Disclosed: 2025-05-22
Type: Data Breach
Attack Vector: Unauthorized Access
Threat Actor: Cybercriminals
Title: Krispy Kreme Black Friday 2024 Cyberattack and Data Breach
Description: On Black Friday 2024, Krispy Kreme detected unauthorized activity on its network, leading to a cyberattack that disrupted its online ordering system until December 30, 2024. The incident resulted in the theft of sensitive personal data of nearly 62,000 individuals, including Social Security numbers, financial account information, passport numbers, and biometric data. The attack was disclosed in an SEC filing on December 11, 2024, with expected material financial and operational impacts. The company continued its investigation into 2025, confirming the data breach in May 2025.
Date Detected: 2024-11-29
Date Publicly Disclosed: 2024-12-11
Date Resolved: 2024-12-30
Type: cyberattack
Motivation: financial gaindata theft
Title: Play Ransomware Gang Activity
Description: The Play ransomware gang has made roughly 900 victims over the past three years, engaging in double-extortion tactics that include exfiltrating victims’ data and leveraging it for extortion, in addition to encrypting systems. The group is also known as Playcrypt and has been active since June 2022. The US and Australian governments released an updated advisory on the group's tactics, techniques, and procedures (TTPs).
Date Publicly Disclosed: 2023-12
Type: Ransomware
Attack Vector: Exploitation of vulnerabilities in SimpleHelp RMM softwareInitial access brokers
Vulnerability Exploited: CVE-2024-57727CVE-2024-57728CVE-2024-57726
Threat Actor: Play ransomware gang (Playcrypt)
Motivation: Financial gainData extortion
Title: Krispy Kreme Settles $1.6M Class Action Over 2024 Employee Data Breach
Description: Krispy Kreme Inc. has agreed to pay $1.6 million to resolve a proposed class action lawsuit alleging the company failed to adequately protect the personal data of nearly 162,000 employees exposed in a 2024 breach. The settlement received preliminary approval from the U.S. District Court for the Western District of North Carolina. Under the terms of the deal, affected employees defined as class members may claim up to $3,500 in reimbursement for documented losses tied to the breach or opt for a $75 cash payment.
Date Publicly Disclosed: 2024
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Exploitation of SimpleHelp RMM software vulnerabilities.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach KRI606061925
Data Compromised: Social security numbers, Dates of birth, Driver’s license numbers, Financial account information, Credit and debit card details with security codes, Passport numbers, Usernames and passwords for financial accounts, Biometric data, Medical and health insurance information, U.s. military id numbers, Immigration-related documentation, Digital signatures, Email credentials
Identity Theft Risk: High
Payment Information Risk: High
Incident : cyberattack KRI5093650100125
Financial Loss: material impact (revenue loss from digital sales, cybersecurity expert fees, system restoration costs)
Data Compromised: Social security numbers, Financial account information, Passport numbers, Biometric data, Personally identifiable information
Systems Affected: online ordering system
Downtime: 31 days (November 29, 2024 – December 30, 2024)
Operational Impact: online ordering system offline, extended investigation period
Revenue Loss: loss of digital sales during peak holiday season
Brand Reputation Impact: high (public disclosure of sensitive data breach)
Identity Theft Risk: high (SSNs, financial data, biometric data exposed)
Payment Information Risk: high (financial account information compromised)
Incident : Ransomware KRI1768390561
Systems Affected: Windows systemsESXi virtual machines
Operational Impact: Encryption of critical files and VMs, leading to operational disruption
Identity Theft Risk: True
Incident : Data Breach KRI1772821859
Financial Loss: $1,600,000
Data Compromised: Personal data of employees
Brand Reputation Impact: Reputational risks
Legal Liabilities: Class action lawsuit
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $400.00 thousand.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security Numbers, Dates Of Birth, Driver’S License Numbers, Financial Account Information, Credit And Debit Card Details With Security Codes, Passport Numbers, Usernames And Passwords For Financial Accounts, Biometric Data, Medical And Health Insurance Information, U.S. Military Id Numbers, Immigration-Related Documentation, Digital Signatures, Email Credentials, , Personally Identifiable Information (Pii), Financial Data, Biometric Data, Government-Issued Ids (Ssns, Passports), , Personally Identifiable Information, Financial Data, and Personal data.
Which entities were affected by each incident ?
Incident : Data Breach KRI606061925
Entity Name: Krispy Kreme Doughnut Corporation
Entity Type: Corporation
Industry: Food and Beverage
Customers Affected: Thousands of current and former employees, along with their family members
Incident : cyberattack KRI5093650100125
Entity Name: Krispy Kreme
Entity Type: public company
Industry: food and beverage (donut retail)
Location: United States (global operations)
Customers Affected: 62,000 individuals
Incident : Ransomware KRI1768390561
Customers Affected: 900
Incident : Data Breach KRI1772821859
Entity Name: Krispy Kreme Inc.
Entity Type: Company
Industry: Food & Beverage
Location: United States
Size: Large
Customers Affected: 162,000 employees
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach KRI606061925
Incident Response Plan Activated: Yes
Third Party Assistance: Yes
Remediation Measures: Complimentary credit monitoring and identity protection servicesAdditional security measures to strengthen IT infrastructure
Communication Strategy: Individual notice letters to affected individualsDedicated support line
Incident : cyberattack KRI5093650100125
Incident Response Plan Activated: yes (investigation initiated post-detection)
Third Party Assistance: yes (cybersecurity experts and advisors engaged)
Remediation Measures: system restoration, ongoing investigation
Recovery Measures: online ordering system restored by December 30, 2024
Communication Strategy: SEC filing (December 11, 2024), customer notification (May 2025)
Incident : Ransomware KRI1768390561
Communication Strategy: Victims contacted via unique @gmx.de or @web.de emails, and some via phone for extortion
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes, .
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Yes, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach KRI606061925
Type of Data Compromised: Social security numbers, Dates of birth, Driver’s license numbers, Financial account information, Credit and debit card details with security codes, Passport numbers, Usernames and passwords for financial accounts, Biometric data, Medical and health insurance information, U.s. military id numbers, Immigration-related documentation, Digital signatures, Email credentials
Number of Records Exposed: Thousands
Sensitivity of Data: High
Personally Identifiable Information: Yes
Incident : cyberattack KRI5093650100125
Type of Data Compromised: Personally identifiable information (pii), Financial data, Biometric data, Government-issued ids (ssns, passports)
Number of Records Exposed: 62,000
Sensitivity of Data: high
Data Exfiltration: yes
Personally Identifiable Information: yes
Incident : Ransomware KRI1768390561
Type of Data Compromised: Personally identifiable information, Financial data
Sensitivity of Data: High
Data Encryption: True
Incident : Data Breach KRI1772821859
Type of Data Compromised: Personal data
Number of Records Exposed: 162,000
Sensitivity of Data: High (employee data)
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Complimentary credit monitoring and identity protection services, Additional security measures to strengthen IT infrastructure, , system restoration, ongoing investigation.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : cyberattack KRI5093650100125
Data Exfiltration: yes
Incident : Ransomware KRI1768390561
Ransomware Strain: Play (Playcrypt)
Data Encryption: True
Data Exfiltration: True
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through online ordering system restored by December 30, 2024.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : cyberattack KRI5093650100125
Regulatory Notifications: SEC filing (December 11, 2024)
Incident : Data Breach KRI1772821859
Legal Actions: Class action lawsuit
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : cyberattack KRI5093650100125
Lessons Learned: Hackers exploit holiday periods when security teams may be understaffed or monitoring relaxed. Proactive security measures, employee training, and incident response preparedness are critical during high-risk periods like Black Friday.
Incident : Data Breach KRI1772821859
Lessons Learned: Ongoing vulnerabilities in corporate data protection, particularly for large employers handling sensitive workforce information.
What recommendations were made to prevent future incidents ?
Incident : Data Breach KRI606061925
Recommendations: Stay vigilant by closely monitoring financial accounts, statements, and credit reports for suspicious activity or unauthorized charges, Regular review of personal financial information to detect potential identity theft earlyStay vigilant by closely monitoring financial accounts, statements, and credit reports for suspicious activity or unauthorized charges, Regular review of personal financial information to detect potential identity theft early
Incident : cyberattack KRI5093650100125
Recommendations: Verify payment details independently to prevent wire transfer fraud, especially during holidays., Ensure compliance with state privacy laws (e.g., Oregon Consumer Privacy Act) to avoid fines., Strengthen cybersecurity defenses ahead of high-risk periods (e.g., holidays)., Review and test incident response plans regularly., Monitor for unauthorized activity with heightened vigilance during peak seasons.Verify payment details independently to prevent wire transfer fraud, especially during holidays., Ensure compliance with state privacy laws (e.g., Oregon Consumer Privacy Act) to avoid fines., Strengthen cybersecurity defenses ahead of high-risk periods (e.g., holidays)., Review and test incident response plans regularly., Monitor for unauthorized activity with heightened vigilance during peak seasons.Verify payment details independently to prevent wire transfer fraud, especially during holidays., Ensure compliance with state privacy laws (e.g., Oregon Consumer Privacy Act) to avoid fines., Strengthen cybersecurity defenses ahead of high-risk periods (e.g., holidays)., Review and test incident response plans regularly., Monitor for unauthorized activity with heightened vigilance during peak seasons.Verify payment details independently to prevent wire transfer fraud, especially during holidays., Ensure compliance with state privacy laws (e.g., Oregon Consumer Privacy Act) to avoid fines., Strengthen cybersecurity defenses ahead of high-risk periods (e.g., holidays)., Review and test incident response plans regularly., Monitor for unauthorized activity with heightened vigilance during peak seasons.Verify payment details independently to prevent wire transfer fraud, especially during holidays., Ensure compliance with state privacy laws (e.g., Oregon Consumer Privacy Act) to avoid fines., Strengthen cybersecurity defenses ahead of high-risk periods (e.g., holidays)., Review and test incident response plans regularly., Monitor for unauthorized activity with heightened vigilance during peak seasons.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Hackers exploit holiday periods when security teams may be understaffed or monitoring relaxed. Proactive security measures, employee training, and incident response preparedness are critical during high-risk periods like Black Friday.Ongoing vulnerabilities in corporate data protection, particularly for large employers handling sensitive workforce information.
References
Where can I find more information about each incident ?
Incident : Data Breach KRI606061925
Source: Krispy Kreme Doughnut Corporation
Incident : cyberattack KRI5093650100125
Source: Krispy Kreme SEC Filing (December 11, 2024)
Incident : cyberattack KRI5093650100125
Source: Krispy Kreme Customer Notification (May 2025)
Incident : Ransomware KRI1768390561
Source: Related Articles
Incident : Data Breach KRI1772821859
Source: U.S. District Court for the Western District of North Carolina
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Krispy Kreme Doughnut Corporation, and Source: Krispy Kreme SEC Filing (December 11, 2024), and Source: Krispy Kreme Customer Notification (May 2025), and Source: CISA, FBI, and ACSC AdvisoryDate Accessed: 2025-05, and Source: Related Articles, and Source: U.S. District Court for the Western District of North Carolina.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach KRI606061925
Investigation Status: Completed
Incident : cyberattack KRI5093650100125
Investigation Status: completed (as of May 2025 notification)
Incident : Ransomware KRI1768390561
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Individual Notice Letters To Affected Individuals, Dedicated Support Line, SEC filing (December 11, 2024), customer notification (May 2025), Victims contacted via unique @gmx.de or @web.de emails and and some via phone for extortion.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : cyberattack KRI5093650100125
Customer Advisories: yes (notified 62,000 affected individuals in May 2025)
Incident : Ransomware KRI1768390561
Stakeholder Advisories: US and Australian government agencies released updated TTPs and warnings about the Play ransomware gang.
Customer Advisories: Victims contacted via email or phone for extortion purposes.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were yes (notified 62,000 affected individuals in May 2025), US and Australian government agencies released updated TTPs and warnings about the Play ransomware gang. and Victims contacted via email or phone for extortion purposes..
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : cyberattack KRI5093650100125
High Value Targets: Customer Pii, Financial Data,
Data Sold on Dark Web: Customer Pii, Financial Data,
Incident : Ransomware KRI1768390561
Entry Point: Exploitation of SimpleHelp RMM software vulnerabilities
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach KRI606061925
Corrective Actions: Implemented Additional Security Measures To Strengthen It Infrastructure,
Incident : cyberattack KRI5093650100125
Root Causes: Potential Understaffing During Holidays, Relaxed It Monitoring, Exploitation Of Peak Transaction Periods,
Incident : Ransomware KRI1768390561
Root Causes: Exploitation Of Unpatched Vulnerabilities In Simplehelp Rmm Software,
Incident : Data Breach KRI1772821859
Root Causes: Insufficient security measures
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implemented Additional Security Measures To Strengthen It Infrastructure, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Cybercriminals and Play ransomware gang (Playcrypt).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-11-29.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2024-12-30.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $1,600,000.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security numbers, dates of birth, driver’s license numbers, financial account information, credit and debit card details with security codes, passport numbers, usernames and passwords for financial accounts, biometric data, medical and health insurance information, U.S. military ID numbers, immigration-related documentation, digital signatures, email credentials, , Social Security numbers, financial account information, passport numbers, biometric data, personally identifiable information, , and Personal data of employees.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was online ordering system and Windows systemsESXi virtual machines.
Response to the Incidents
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were email credentials, U.S. military ID numbers, driver’s license numbers, medical and health insurance information, dates of birth, financial account information, immigration-related documentation, usernames and passwords for financial accounts, digital signatures, personally identifiable information, Social Security numbers, Personal data of employees, passport numbers, biometric data and credit and debit card details with security codes.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 224.0K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Hackers exploit holiday periods when security teams may be understaffed or monitoring relaxed. Proactive security measures, employee training, and incident response preparedness are critical during high-risk periods like Black Friday., Ongoing vulnerabilities in corporate data protection, particularly for large employers handling sensitive workforce information.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Strengthen cybersecurity defenses ahead of high-risk periods (e.g., holidays)., Review and test incident response plans regularly., Monitor for unauthorized activity with heightened vigilance during peak seasons., Regular review of personal financial information to detect potential identity theft early, Ensure compliance with state privacy laws (e.g., Oregon Consumer Privacy Act) to avoid fines., Stay vigilant by closely monitoring financial accounts, statements, and credit reports for suspicious activity or unauthorized charges, Verify payment details independently to prevent wire transfer fraud and especially during holidays..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are U.S. District Court for the Western District of North Carolina, Krispy Kreme Customer Notification (May 2025), Krispy Kreme Doughnut Corporation, CISA, FBI, and ACSC Advisory, Related Articles, Krispy Kreme SEC Filing (December 11 and 2024).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was US and Australian government agencies released updated TTPs and warnings about the Play ransomware gang., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an yes (notified 62,000 affected individuals in May 2025) and Victims contacted via email or phone for extortion purposes.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Exploitation of SimpleHelp RMM software vulnerabilities.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was potential understaffing during holidaysrelaxed IT monitoringexploitation of peak transaction periods, Exploitation of unpatched vulnerabilities in SimpleHelp RMM software, Insufficient security measures.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Implemented additional security measures to strengthen IT infrastructure.
.png)
Latest Global CVEs (Not Company-Specific)
Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. This issue has been patched in version 1.5.95.
Risk Information
cvss3
Base: 8.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. This issue has been patched in version 4.5.97.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete service outage. This issue has been patched in version 4.5.90.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=krispy-kreme' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
