Systems breach disrupts online ordering at Krispy Kreme
As of the Dec. 11, 2014 date of the filing, Krispy Kreme said this incident has had and is "reasonably likely" to have a material impact on its business operations until recovery efforts are completed. Expected costs are expected to include the loss of revenues from digital sales during the recovery period, fees for cybersecurity experts and other advisors, and costs to restore any impacted systems.
The company holds cybersecurity insurance that it expects to offset a portion of remediation costs and said it does not expect this incident will have a long-term material impact on its results of operations and financial condition.
In a statement emailed to Chain Store Age, Paul Bischoff, consumer privacy advocate at tech research firm Comparitech, said Krispy Kreme customers should “assume the worst” about this incident and start monitoring their accounts for their own safety.
"Krispy Kreme customers who order their donuts online should expect to receive a notice in the mail in the coming months informing them that their private information was breached," said Bischoff in the statement. "Most attacks of this nature don't just disrupt systems. They also steal data. Companies typically take about six months to investigate breaches and find contact information for affected customers, give or take a few months."