The Play ransomware gang has claimed duty for a cyberattack that impacted the enterprise operations of the U.S. doughnut chain Krispy Kreme in November.
Krispy Kreme disclosed the incident and subsequent disruptions to its on-line ordering system in an SEC submitting submitted on December 11. The corporate detected unauthorized exercise on a few of its data know-how programs on November 29.
After the assault, Krispy Kreme additionally took measures to comprise and remediate the breach and employed exterior cybersecurity specialists to research the assault’s impression and scope.
“We’re experiencing sure operational disruptions as a consequence of a cybersecurity incident, together with with on-line ordering in components of the USA,” Krispy Kreme mentioned in a message on its official web site.
“We all know that is an inconvenience and are working diligently to resolve the difficulty. [..] We’ll have our on-line ordering up as quickly as we will. Our recent doughnuts can be found in our outlets as at all times!”
Krispy Kreme’s Q3 2024 monetary outcomes present that digital orders symbolize 15.5% of the corporate’s gross sales, contributing to its 3.5% natural income development in Q3 2024.
The American multinational coffeehouse chain and doughnut firm operates 1,521 outlets and 15,800 factors of entry, 4 “Doughnut Factories” in the USA, and 37 others internationally. As of December 2023, it employed 22,800 individuals in 40 nations. Krispy Kreme additionally companions with McDonald’s to have its merchandise bought in hundreds of extra McDonald’s places worldwide.
Whereas the corporate has but to share extra particulars concerning the assault and, when approached by BleepingComputer for remark, shared a press release much like the one filed with the SEC, the Play ransomware gang has now claimed the November breach and says in addition they allegedly stole knowledge from the corporate’s community.
Play ransomware claims, with out proof, that they collected and stole recordsdata containing “personal and private confidential knowledge, shopper paperwork, price range, payroll, accounting, contracts, taxes, IDs, finance data,” and extra. The attackers now say they’re going to publish the info this Saturday, November 21.
The Play ransomware operation surfaced over two years in the past, in June 2022, with preliminary victims looking for assist by means of BleepingComputer’s boards. Play operators steal delicate knowledge from breached programs to make use of in double-extortion schemes, pressuring victims into paying ransoms to keep away from having the stolen knowledge leaked on-line.
Earlier notable Play ransomware victims embody automobile retailer large Arnold Clark, cloud computing firm Rackspace, the Metropolis of Oakland in California, Dallas County, the Belgian metropolis of Antwerp, and, most not too long ago, American semiconductor provider Microchip Expertise.
The FBI issued a joint advisory with CISA and the Australian Cyber Safety Centre (ACSC) final December, warning that the Play ransomware operation had breached the networks of round 300 organizations worldwide as of October 2023.