Doughnut chain Krispy Kreme says it has been hit by a cyberattack which has disrupted its online systems.
Some customers in the US have been unable to make online orders as a result of the hack, which occurred in late November but has only just been disclosed.
Krispy Kreme revealed the attack in a regulatory filing with the US Securities and Exchanges Commission (SEC) on Wednesday.
It said the incident was “reasonably likely” to “have a material impact” on the firm’s business operations, but clarified that brick-and-mortar shops remain open.
“We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States,” reads a message on the Krispy Kreme website.
“We know this is an inconvenience and are working diligently to resolve the issue.”
The firm told the BBC in a statement it “immediately” took steps to investigate and contain the incident, and has brought in cybersecurity experts.
“We, along with them, continue to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering,” it said.
No groups have publicly taken responsibility for the hack.
Krispy Kreme is a large chain in the US, which has more than 1,400 shops worldwide.
In the UK it is smaller, but its 120 locations make it the largest speciality doughnut retailer in the country.
Krispy Kreme stated in its SEC filing that it has cybersecurity insurance, which it expects “to offset a portion of the costs”.
It said it expected these costs to arise from a loss of digital sales, fees for the experts it has hired, and the restoration of impacted systems.
Cyber-attacks have caused serious disruption this year, plaguing key infrastructure including hospitals and transport systems.
“The proliferation of cyberattacks in 2024 shows that hackers are willing to target anything and everything,” said Spencer Starkey, from cyber-security firm SonicWall.
“It’s vital every single business has a robust roadmap in place to deploy if and when an attack happens,” he added.
Social media is taking this incident somewhat less seriously, however.
“Anyone messing with Krispy Kreme should be jailed for life,” joked one user on X.
“Cybercriminals, you’ve gone too far this time,” posted another.
