- More than 160,000 people have disclosed their data from Krispy Kreme
- Victims are mainly employees and family members
- The author is still unknown
Krispy Kreme revealed exactly what details were exposed in the violation which struck the donut company in November 2024.
161,676 people were affected by the violation, most of them being staff and family members, said the company in a file with the Maine Prosecutor’s Office.
The violation has seen a very wide range of stolen sensitive information, which endangers fraud to credibility, identity theft, etc.
Lots of data data
The complete list of stolen data in the violation includes:
- Names
- Social Security numbers
- Birth dates
- Driving license or state identification numbers
- Financial account information
- Access to the financial account
- Credit or debit card information
- Information on the credit or debit card in combination with a security code, a username and a password on a financial account
- Passport numbers
- Digital signatures
- User names and passwords
- E-mail addresses and passwords
- Biometric data
- USCIS or extraterrestrial registration numbers
- US military identification numbers
- Medical or health information
- Health Insurance Information
Although all the people involved will not have had all the data disclosed above, this illustrates how important it is to properly protect sensitive information, in particular with regard to the details of the credit card and payment.
It appears that all data may have been grouped in a single database, which greatly facilitates attackers to steal such a mine of information.
The victims were offered 12 months of credit surveillance of credit and protection against identity theft, which has become the tradition of large companies struck by sensitive data violations.
Krispy Kreme is now showing a statement made the details of the data violation: “On November 29, 2024, Krispy Kreme became aware of unauthorized activity on part of his information technology systems. When learning unauthorized activity, we immediately started taking measures to investigate, contain and remedy the incident with the help of cybersecurity experts. “
“On May 22, 2025, our investigation into the incident determined that certain personal information had been affected. There is no evidence that the information has been used to be uncomfortable, and we do not know any identity or fraud report following this incident. This notification was not delayed following an investigation into the application of the law, ”said the press release.
There is no confirmation on whom was behind the breach, but immediately after the disclosure of Krispy Kreme, the gang of ransomware of play claimed responsibility.
Bleeping Compompute Affirms that the gaming gang said that the allegedly stolen files contain “private and personal confidential data, customer documents, a budget, pay, accounting, contracts, taxes, identifiers, financial information”, and more – but have provided no proof of its activity.
