{"id":1197,"date":"2024-12-12T10:42:05","date_gmt":"2024-12-12T10:42:05","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1197"},"modified":"2024-12-12T10:42:05","modified_gmt":"2024-12-12T10:42:05","slug":"a-security-hole-in-krispy-kreme-doughnuts-helped-hackers-take-a-bite","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1197","title":{"rendered":"A security \u2018hole\u2019 in Krispy Kreme Doughnuts helped hackers take a bite"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Global Doughnut and coffee chain owner Krispy Kreme, famous for its \u201coriginal glazed doughnuts,\u201d has a \u201cportion of their IT systems\u201d disrupted by a cyberattack.<\/p>\n

In an SEC filing<\/a> on Wednesday, the global doughnut business said it suffered a cybersecurity incident that has hampered part of its online business in the US.<\/p>\n

\u201cKrispy Kreme shops globally are open, and consumers are able to place orders in person, but the Company is experiencing certain operational disruptions, including with online ordering in parts of the United States,\u201d the company said in the filing. \u201cDaily fresh deliveries to our retail and restaurant partners are uninterrupted.\u201d<\/p>\n

The company has informed federal law enforcement and has taken up external assistance to respond to and mitigate the impact of the incident, the filing added.<\/p>\n

No hacker or groups have yet taken responsibility for the attack.<\/p>\n

Incident to have a material impact<\/h2>\n

In the filing, Krispy Kreme confirmed that the incident has and will continue to have material impact until a full recovery of the systems is achieved. Costs from the incident will include loss of revenues from digital sales until restoration, fees for cybersecurity experts and advisors, and the costs to restore impacted systems.<\/p>\n

\u201cThankfully, there appears to be some degree of system isolation between the online ordering platform and the store management platform,\u201d said Trey Ford, chief information security officer at Bugcrowd<\/a>. \u201cOn the upside, customers can still visit brick-and-mortar stores to buy donuts and coffee \u2014 albeit with the inconvenience of waiting a few extra minutes.\u201d<\/p>\n

It is still early days as the investigation is yet to uncover the initial point of infection, and the incident could have a ripple effect on other Krispy Kreme services and connected systems.<\/p>\n

\u201cWhile the full details are yet to emerge, the scenario is all too familiar in today\u2019s threat landscape,\u201d said Alberto Farronato, CMO at Oasis Security<\/a>. \u201cCybersecurity incidents can ripple across business operations and customer experiences, even in industries not traditionally associated with high-tech services, causing operational disruptions, financial impact, and erosion of customer trust.\u201d<\/p>\n

Krispy Kreme did not respond to the queries regarding the investigation and operation status at the time of publishing this report.<\/p>\n

The road to recovery could prove to be a long one, as Ford pointed out. \u201cTracing the source of unauthorized activity can be challenging, especially when budget constraints limit logging and other telemetry,\u201d he said. \u201cData flow diagrams, authentication boundaries, and the scope of non-human identities (NHI) are critical tools for identifying the incident\u2019s starting point \u2014 but success is not always guaranteed.\u201d <\/p>\n

There is a breather for the leading doughnut seller, after all, as part of the costs outlined by the company is covered in the cybersecurity insurance it holds. \u201cThe Company does not expect this will have a long-term material impact on its results of operations and financial condition,\u201d Krispy Kreme added in the filing.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Global Doughnut and coffee chain owner Krispy Kreme, famous for its \u201coriginal glazed doughnuts,\u201d has a \u201cportion of their IT systems\u201d disrupted by a cyberattack. In an SEC filing on Wednesday, the global doughnut business said it suffered a cybersecurity incident that has hampered part of its online business in the US. \u201cKrispy Kreme shops […]<\/p>\n","protected":false},"author":0,"featured_media":1198,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1197","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1197"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1197"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1197\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1198"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}