A severe cyberattack has disrupted Krispy Kreme's online ordering systems in parts of the USA and significantly affected the donut manufacturer's business. The company warned in a notification to the US Securities and Exchange Commission (SEC) that the incident is "expected to have a significant impact" on business operations until recovery measures are completed.

On November 29, Krispy Kreme discovered "unauthorized activities" in parts of its IT systems, as the company announced on Wednesday. The affected systems were isolated, and measures to contain and remediate the damage were initiated. Nevertheless, there were disruptions, especially in the area of online ordering.

Although the branches remain open, the incident disrupts the supply chain and distribution, as Krispy Kreme sells not only through its own stores but also through supermarkets and pilot tests in McDonald's outlets in the USA.

The company based in Charlotte, North Carolina, which operates in 35 countries, has increasingly focused on expanding its distribution channels in recent years. Since going public in 2021, following the acquisition by the European JAB Holding in 2016, the focus has been on diversifying sales strategies to strengthen market position. However, the cyberattack could temporarily slow down these efforts.

Krispy Kreme stated that the ongoing measures to restore the affected systems would be carried out with high priority to normalize business operations as quickly as possible.