Security experts respond to Krispy Kreme cyber attack

Alexander Grey via Unsplash

A cybersecurity incident against Krispy Kreme disrupted its operations, preventing customers from ordering online in portions of the United States. According to the company, unauthorized access was detected within a region of its technology last month, although it is continuing to have effects still. At this time, the full nature, scope and impact of the cyber incident are not known.

Security leaders weigh in

Alberto Farronato, CMO at Oasis Security:

The Krispy Kreme breach underscores how cybersecurity incidents can ripple across business operations and customer experiences, even in industries not traditionally associated with high-tech services, causing operational disruptions, financial impact, and erosion of customer trust.

While the full details are yet to emerge, the scenario is all too familiar in today’s threat landscape. Once breached, they can become entry points for attackers, enabling unauthorized access to critical systems and data.

As organizations increasingly rely on interconnected technology for operations, we encourage businesses to reevaluate their approach to identity security, focusing not just on human users but also on the digital identities driving their systems.

James Scobey, Chief Information Security Officer at Keeper Security:

The Krispy Kreme incident highlights the high cost of cybersecurity breaches — not only in financial terms but in operational disruption and the erosion of customer trust. The reported downtime of online ordering demonstrates how even temporary interruptions can have a significant impact on revenue and brand reputation.

To mitigate ever-present cyber risks, organizations must adopt a proactive approach to cybersecurity. Privileged Access Management (PAM) protects systems by limiting access to sensitive assets to only essential personnel, and continuously monitoring privileged accounts for unusual activity. Strong password management — including the enforcement of strong, unique passwords and multi-factor authentication — is a critical first line defense in preventing unauthorized access.

The cost of implementing these proactive measures is a fraction of the expense required to recover from a breach. Regular security audits, employee training and vulnerability assessments help identify and address potential vulnerabilities. Cybersecurity isn’t just a technical requirement — it’s essential for organizations to ensure operational resilience and maintain customer confidence.

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jordyn Alger is the managing editor for Security magazine. Alger writes for topics such as physical security and cyber security and publishes online news stories about leaders in the security industry. She is also responsible for multimedia content and social media posts. Alger graduated in 2021 with a BA in English – Specialization in Writing from the University of Michigan. Image courtesy of Alger