On November 29, 2024, Krispy Kreme Doughnut Corporation (“Krispy Kreme”) identified suspicious activity on its computer network, indicating a data breach. Based on a subsequent forensic investigation, Krispy Kreme determined that cybercriminals infiltrated its inadequately secured computer systems. The investigation further determined that, through this infiltration, cybercriminals accessed and stole files containing the sensitive personal information of 161,676 individuals.
The information exposed in the data breach includes, but is not limited to:
- Names
- Social Security numbers
- Financial account information
- Payment card information
- Medical and health information
- Dates of birth
- Passport numbers
- Digital Signatures
- Email addresses and passwords
- Biometric data
- US military ID numbers
The notorious ransomware group known as Play took credit for the attack, claiming to have stolen personal information, client documents, financial information, as well as other files related to accounting, contracts, payroll, and budget. The cybercriminals claimed to have stolen 184 Gb worth of data that they purportedly made public on their Tor-based leak website in December 2024.
As a result of the Krispy Kreme data breach, these individuals’ personal and highly confidential information appears to be in the hands of cybercriminals who can place the information for sale on the dark web or use the information to perpetrate identity fraud.
Murphy Law Firm is investigating claims on behalf of all individuals whose personal and confidential information was potentially compromised in the data breach. We are evaluating legal options, including a potential class action lawsuit, to recover damages for individuals who were affected by the Krispy Kreme Doughnut Corporation data breach.