MW Krispy Kreme is latest to report a cyberattack that's hampering its business
By Ciara Linnane
Doughnut company is still working to determine extent of hack but says it's having a material impact on business
Krispy Kreme Inc.'s stock fell 2% early Wednesday, after the company said a breach of its IT systems has had a material impact on its business operations and is likely to continue to do so until it can complete recovery efforts.
In a regulatory filing, the doughnut company $(DNUT)$ said it was first notified of the unauthorized activity on its systems on Nov. 29 and immediately took steps to investigate and seek to contain it using cybersecurity experts.
The company's shops are open and consumers can place orders in person, but it's experiencing disruptions with online ordering in some parts of the U.S., said the filing.
Krispy Kreme has notified federal law enforcement.
"As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known," said the filing.
The expected costs of the incident, including loss of revenue from digital sales, fees to cybersecurity experts and other advisers, "are reasonably likely to have a material impact on the company's results of operationsand financial condition," the filing warned.
The company is expecting to offset part of those costs with its cybersecurity insurance and does not expect the incident to have a long-term impact on its business or financial condition.
Cybersecurity breaches and hacks have become a critical threat to companies and organizations across all sectors and attackers are becoming increasingly sophisticated in exploiting vulnerabilities in digital infrastructure, according to secure file-sharing provider Kiteworks, in its 2024 Industry Risk Score Report.
Since late 2023, a stunning 3,205 data hacks impacting more than 353 million individuals have been carried out in the U.S. alone, the report found.
"The healthcare sector, already a prime target for cybercriminals, saw millions of patient records exposed, exacerbating the industry's ongoing struggle to protect sensitive information," said the report.
The list includes UnitedHealth Group Inc. $(UNH)$, which disclosed a major hack of IT systems operated by its Change Healthcare unit in February that it said at the time might be a "nation-state-associated cybersecurity threat actor."
The attack on the major healthcare-claims clearinghouse, widely considered the biggest cybersecurity disruption to healthcare in U.S. history, intensified scrutiny of UnitedHealth's size and influence in the healthcare industry.
In May, its Chief Executive Andrew Witty was hauled over the coals at a House Energy and Commerce Committee's Oversight and Investigations subcommittee hearing on the hack.
Read also: Globe Life targeted by 'unknown threat actor' in extortion attempt
The company is back in the news more recently after the fatal shooting of the head of its health-insurance business last week on a Manhattan street.
Hewlett Packard Enterprise Co. $(HPE)$ said in late January that it believed Midnight Blizzard, a state-sponsored actor that's also known as Cozy Bear, breached its corporate email systems.
See Now: American Water Works targeted in cybersecurity incident
Microsoft Corp. $(MSFT)$ also disclosed a hack by a Russian group last month, noting that the group was able to see "a very small percentage" of corporate email accounts after gaining a foothold in November.
Krispy Kreme's stock has fallen 33% in the year to date, while the S&P 500 SPX has gained 25.6%.
See Now: More car dealerships say CDK cyberattack has hurt their operations
-Ciara Linnane
This content was created by MarketWatch, which is operated by Dow Jones & Co. MarketWatch is published independently from Dow Jones Newswires and The Wall Street Journal.
(END) Dow Jones Newswires
December 11, 2024 07:06 ET (12:06 GMT)
Copyright (c) 2024 Dow Jones & Company, Inc.
Comments