Krispy Kreme is sending notifications to thousands of people impacted by the data breach that came to light at the end of 2024.
June 19, 2025 By Eduard Kovacs
Donut and coffee retail chain Krispy Kreme has confirmed that the ransomware attack that came to light in late 2024 resulted in a data breach.
Krispy Kreme revealed being hit by a cyberattack on December 11, saying that the incident had led to operational disruptions.
Roughly one week later, the Play ransomware group took credit for the attack, claiming to have stolen personal information, client documents, financial information, as well as other files related to accounting, contracts, payroll, and budget.
The cybercriminals claimed to have stolen 184 Gb worth of data, which they made public on their Tor-based leak website in December 2024, after Krispy Kreme likely refused to pay a ransom.
Krispy Kreme is now sending out data breach notification letters to individuals whose information was stolen as a result of the attack.
