Krispy Kreme breach, data theft claimed by Play ransomware gang

The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November.

Krispy Kreme disclosed the incident and subsequent disruptions to its online ordering system in an SEC filing submitted on December 11. The company detected unauthorized activity on some of its information technology systems on November 29.

After the attack, Krispy Kreme also took measures to contain and remediate the breach and hired external cybersecurity experts to investigate the attack’s impact and scope.

“We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States,” Krispy Kreme stated in a message on its official web site.

“We know this is an inconvenience and are working diligently to resolve the issue. [..] We’ll have our online ordering up as soon as we can. Our fresh doughnuts are available in our shops as always!”

Krispy Kreme’s Q3 2024 financial results show that digital orders represent 15.5% of the company’s sales, contributing to its 3.5% organic revenue growth in Q3 2024.

The American multinational coffeehouse chain and doughnut company operates 1,521 shops and 15,800 points of access, 4 “Doughnut Factories” in the United States, and 37 others internationally. As of December 2023, it employed 22,800 people in 40 countries. Krispy Kreme also partners with McDonald’s to have its products sold in thousands of additional McDonald’s locations worldwide.

While the company has yet to share more details about the attack and, when approached by BleepingComputer for comment, shared a statement similar to the one filed with the SEC, the Play ransomware gang has now claimed the November breach and says it also allegedly stole data from the company’s network.

Krispy Kreme entry on Play Ransomware leak site (BleepingComputer)

Play ransomware claims, without proof, that they collected and stole data containing “private and personal confidential data, client documents, budget, payroll, accounting, contracts, taxes, IDs, finance information,” and more. The attackers now say they will publish the data this Saturday, November 21.

The Play ransomware operation surfaced over two years ago, in June 2022, with initial victims seeking help through BleepingComputer’s forums. Play operators steal sensitive data from breached systems to use in double-extortion schemes, pressuring victims into paying ransoms to avoid having the stolen data leaked online.

Previous notable Play ransomware victims include car retailer giant Arnold Clark, cloud computing company Rackspace, the City of Oakland in California, Dallas County, the Belgian city of Antwerp, and, most recently, American semiconductor supplier Microchip Technology.

The FBI issued a joint advisory with CISA and the Australian Cyber Security Centre (ACSC) last December, warning that the Play ransomware operation had breached the networks of around 300 organizations worldwide as of October 2023.
