The Play ransomware group has claimed responsibility for a cyberattack on Krispy Kreme, which occurred on November 29, 2023.

The company disclosed the cyberattack in an SEC filing on December 11, detailing its operational impacts.

Krispy Kreme reported unauthorized activity on its IT systems on the same day, leading to operational disruptions, particularly affecting online ordering services.

While the company's physical shops remained open for in-person orders, the disruptions highlighted the impact of the cyber incident.

In response to the attack, Krispy Kreme has hired external cybersecurity experts to assess the breach's scope and mitigate its effects.

Despite the claims made by the ransomware group regarding data exfiltration, Krispy Kreme has yet to publicly confirm these allegations or provide further details.

The Play ransomware group has threatened to leak sensitive company data, including personal and financial information, unless a ransom is paid by December 21, 2023.

This incident underscores the increasing complexity and reach of cybercriminal organizations, posing significant threats to businesses worldwide.

Since its emergence in June 2022, the Play ransomware group has targeted various sectors globally, including business, government, healthcare, and media.

Utilizing a double-extortion model, Play ransomware exfiltrates data before encrypting systems, pressuring victims to pay to avoid data leaks.

The FBI and CISA issued a joint advisory in December 2023, indicating that the Play ransomware had breached around 300 organizations globally by October 2023.

Notable previous victims of Play ransomware include Arnold Clark, Rackspace, and the City of Oakland, highlighting the group's extensive targeting of various entities.