SecurityWeek reports that heartless criminals targeted Krispy Kreme donuts last year:
Donut and coffee retail chain Krispy Kreme has confirmed that the ransomware attack that came to light in late 2024 resulted in a data breach.
Krispy Kreme revealed being hit by a cyberattack on December 11, saying that the incident had led to operational disruptions.
Roughly one week later, the Play ransomware group took credit for the attack, claiming to have stolen personal information, client documents, financial information, as well as other files related to accounting, contracts, payroll, and budget.
The cybercriminals claimed to have stolen 184 Gb worth of data, which they made public on their Tor-based leak website in December 2024, after Krispy Kreme likely refused to pay a ransom.
Read more at SecurityWeek.
Update: The breach was reported to the Maine Attorney General’s Office as affecting 161,676 people.
