HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Ransomware gang claims responsibility for Krispy Kreme cyberattack

Written by Farah Amod | Jan 2, 2025 2:33:17 AM

The Play ransomware gang has claimed responsibility for a cyberattack on Krispy Kreme, disrupting online ordering and raising concerns about data security.

 

What happened

The Play ransomware gang has taken responsibility for a cyberattack on Krispy Kreme, the US-based doughnut chain, that disrupted the company's online ordering system in November. Krispy Kreme disclosed the breach in a filing with the US Securities and Exchange Commission (SEC) on December 11, stating it detected unauthorized activity on its IT systems on November 29. The company took immediate action to contain the breach, engaged external cybersecurity experts to investigate, and is working to restore operations.

In a message on its official website, Krispy Kreme acknowledged disruptions, stating, "We're experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States... Our fresh doughnuts are available in our shops as always!"

 

Going deeper

The Play ransomware gang claims to have stolen a variety of sensitive information from Krispy Kreme, including personal and confidential data, client documents, payroll records, accounting files, contracts, and financial details. While these claims have yet to be independently verified, the attackers have threatened to release the stolen data publicly as part of a double-extortion tactic.

This incident represents a serious risk for Krispy Kreme. Digital orders make up 15.5% of its sales and have contributed to its recent 3.5% organic revenue growth in Q3 2024. Any disruption to its online ordering system could undermine customer trust and revenue. With over 1,500 shops worldwide and more than 22,000 employees across 40 countries, the potential impact of the breach is extensive.

 

In the know

The Play ransomware group has targeted other high-profile organizations, including Arnold Clark, Rackspace, the City of Oakland, and Microchip Technology. Their approach typically involves stealing sensitive data and threatening to publish it unless a ransom is paid.

The FBI, along with the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC), issued an advisory last year warning about Play ransomware’s tactics. The group had reportedly breached around 300 organizations globally as of October 2023.

 

What was said

The company has maintained limited communication about the specifics of the attack. In its SEC filing and statements to BleepingComputer, Krispy Kreme reiterated its commitment to resolving the issue and ensuring operational continuity.

 

The big picture

With digital orders driving 15.5% of Krispy Kreme's sales, this attack threatens a revenue stream while exposing sensitive data to potential public release. The incident shows how ransomware disrupts operations and raises questions about preparedness, pushing companies to address gaps that could lead to repeated attacks.

 

FAQs

What is a ransomware gang?

A ransomware gang is a group of cybercriminals that uses ransomware to extort money from victims. These groups often work globally, targeting businesses, governments, and individuals.

 

How does ransomware work?

Ransomware locks or encrypts data on a victim’s computer or network, making it inaccessible. The attackers demand a ransom, usually in cryptocurrency, for the decryption key or to avoid leaking stolen data.

 

What is double extortion in ransomware attacks?

Double extortion is when attackers not only lock your data but also steal it. They threaten to release sensitive information publicly if the ransom isn’t paid, adding extra pressure.

 

Why do attackers target companies instead of individuals?

Companies often store valuable and sensitive data, making them more profitable targets. Businesses are also more likely to pay larger ransoms to minimize downtime or avoid data leaks.

 

What is the role of cybersecurity experts in these cases?

Cybersecurity experts investigate the attack, identify vulnerabilities, remove the malware, and help organizations recover their data. They also assist in implementing better security practices to prevent future attacks.