Krispy Kreme Crumbles: 160,000+ Personal Records Glazed by Cyberattack
Krispy Kreme confirmed a cyberattack exposed personal info of over 160,000 individuals. Blame it on the Play ransomware gang, who ironically didn’t play nice. While no evidence of misuse surfaced, the doughnut giant took action, likely hoping hackers don’t develop a sweet tooth for their secrets again.
Hot Take:
Looks like Krispy Kreme’s security is holier than a doughnut! They just got glazed by the Play ransomware gang, who popped in uninvited to steal the personal information of over 160,000 individuals. Who knew sugary treats could come with such a salty side of cyber drama?
Key Points:
- Over 160,000 individuals’ personal data was stolen in a November 2024 cyberattack on Krispy Kreme.
- Exposed information includes social security numbers, financial data, and driver’s license details.
- The Play ransomware gang claimed responsibility for the attack and leaked data online after failed negotiations.
- Krispy Kreme quickly detected the breach and enlisted cybersecurity experts to assess the damage.
- Play ransomware has been linked to numerous high-profile attacks since its emergence in June 2022.
Oh Glazed and Confused!
Krispy Kreme, the beloved doughnut chain, found itself in a sticky situation when attackers made off with the personal information of 161,676 individuals in a November 2024 cyberattack. While the chain is famous for its sweet treats, it seems this time, the hackers got their hands on a different kind of dough. The icing on this unfortunate cake? They learned of the breach on November 29, but only realized the full extent on May 22, 2025. That’s quite a long time to be left in the dark, even if it’s a chocolate one!
Ransomware with a Side of Sprinkles
In a twist that might even surprise your local conspiracy theorist, the Play ransomware gang took the credit for this digital heist. Like a kid caught with their hand in the cookie jar, they claimed to have snagged not only personal data but also laid their grubby paws on confidential client documents, financial records, and more. When Krispy Kreme refused to cough up the dough (pun intended), Play spilled their ill-gotten gains online faster than you can say “glazed and confused.” The lesson here? Never underestimate a gang with a taste for double extortion and a penchant for ruining doughnut day.
Lessons from the Sweet Side
After the chaos and confusion, Krispy Kreme took swift action to contain the breach and hired external cybersecurity experts to clean up the mess. With their online ordering system temporarily disrupted, doughnut lovers everywhere had to brave the real world for their sugar fix. While the company assures that no reports of identity theft or fraud have surfaced as a direct result, it’s a stark reminder for businesses to keep their cyber defenses as robust as their frosting game.
Play Ransomware: Still Hungry for Data
The Play ransomware gang has been on a tear since its debut in June 2022, chomping down on the data of over 300 organizations worldwide. From cloud computing companies like Rackspace to cities like Oakland and Antwerp, no one seems safe from their digital appetite. The FBI, CISA, and the Australian Cyber Security Centre issued a joint advisory last December, warning the world of Play’s cyber shenanigans. As Krispy Kreme joins their long list of victims, it’s a nod to businesses everywhere: Better lock up your data, or risk being the next name on Play’s notorious hit list.
So, next time you bite into a Krispy Kreme doughnut, remember the sweet taste of cybersecurity and hope their systems are as fortified as their glaze is glossy. Until then, let’s hope the only holes in their doughnuts are the ones we can see—and not the kind hackers can exploit.