Somebody found a hole in Krispy Kreme's online defenses.
The company best known for its hot, fresh doughnuts said Wednesday that its online ordering systems in parts of the US continue to be disrupted by a cyberattack detected more than a week ago.
Krispy Kreme [said in a regulatory filing](https://www.sec.gov/ix?doc=/Archives/edgar/data/1857154/000185715424000123/dnut-20241211.htm) that when the intruder was first spotted on Nov. 29, it immediately took steps to secure its systems with the help of cybersecurity experts. It has been working since to restore all of its systems, including online ordering. Federal law enforcement has also been notified.
"As the investigation of the incident is ongoing, the full scope, nature and impact of the incident are not yet known," Krispy Kreme said in its filing to the Securities and Exchange Commission.
Krispy Kreme stores around the world are open, customers can place orders in person and deliveries to third-party stores and restaurants continue, the company said.
The company, which is based in Charlotte, North Carolina, added that the incident has already had a significant impact on its finances — pointing to lost digital sales and recovery costs — and will likely continue to do so until it's fully recovered from the incident.
But it added that it does hold cybersecurity insurance and expects that to offset a portion of those costs. It doesn't expect any long-term financial effects.
Krispy Kreme operates in 40 countries through a network of its own doughnut shops, retail partnerships and a digital business.