Krispy Kreme Hack Claimed by Play Ransomware – Threatens to Release Data

The beloved doughnut chain Krispy Kreme has fallen victim to a significant cybersecurity incident, with the notorious Play ransomware group claiming responsibility for the attack.

The attackers have threatened to release sensitive company data within two days unless their demands are met.

The breach, initially disclosed on December 11, 2024, has disrupted operations across the United States, particularly affecting online ordering systems.

Krispy Kreme first detected unauthorized activity on its IT systems on November 29, prompting an immediate investigation. While physical stores remain open and in-person orders are unaffected, the company is experiencing operational disruptions, especially in its digital sales channels.

Play Ransomware’s Threat

On December 19, the Play ransomware group, also known as PlayCrypt, announced via its dark web leak site that it was behind the Krispy Kreme breach. The group is now threatening to release sensitive internal company information within two days if its demands are not met.

Krispy Kreme Claim by Play Ransomware

The allegedly stolen data includes:

  • Employee IDs and payroll information
  • Client documents
  • Financial and budgeting information
  • Accounting and tax-related data
  • Private and personal confidential information

Play ransomware, which emerged in June 2022, is known for targeting a wide range of sectors globally, including business, government, critical infrastructure, healthcare, and media.

The group employs a double-extortion model, exfiltrating data before encrypting systems and threatening to release stolen information if ransom demands are not met.

This attack on Krispy Kreme is part of a larger trend of ransomware groups targeting critical systems and organizations with potentially weaker network defenses.

Recent reports have even linked Play ransomware to North Korean state-backed hackers, adding a geopolitical dimension to the threat.

Krispy Kreme has engaged leading cybersecurity professionals to investigate and mitigate the attack while notifying federal law enforcement. The company holds cybersecurity insurance, which is expected to offset a portion of the incident-related costs.

As the investigation continues, the full scope and impact of the breach remain unknown. Krispy Kreme customers and stakeholders are advised to stay vigilant and monitor official company communications for updates on the situation.

The post Krispy Kreme Hack Claimed by Play Ransomware – Threatens to Release Data appeared first on Cyber Security News.