CHARLOTTE, NC. — Krispy Kreme Inc. is working to resolve a cybersecurity breach that disrupted some operations, including online ordering.

The Charlotte-based donut maker and donut shop chain disclosed the IT systems hack in a Dec. 10 8-K filing with the Securities and Exchange Commission, reporting that the incident occurred at the end of last month.

“On Nov. 29, 2024, Krispy Kreme Inc. was notified regarding unauthorized activity on a portion of its information technology systems,” Krispy Kreme said in the filing. “The company immediately began taking steps to investigate, contain and remediate the incident with the assistance of leading cybersecurity experts. Krispy Kreme shops globally are open, and consumers are able to place orders in person. But the company is experiencing certain operational disruptions, including with online ordering in parts of the United States. Daily fresh deliveries to our retail and restaurant partners are uninterrupted.”

Krispy Kreme said it has notified federal law enforcement about the security breach and an investigation is underway, but the company noted in the filing that “the full scope, nature and impact of the incident are not yet known.”

“The company, along with its external cybersecurity experts, continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering,” Krispy Kreme said.

In the United States, Krispy Kreme had 8,018 total points of access at the close of its fiscal 2024 third quarter ended Sept. 29. That number includes 236 Hot Light Theater Shops, 71 Fresh Shops and 7,711 Delivered Fresh Daily (DFD) branded donut cabinets in high-traffic grocery stores, convenience stores, quick-service restaurants, club stores and drug stores.

For the quarter, Krispy Kreme posted US organic revenue growth of 2.5%, which the company attributed to a 14% gain in points of access and a 21% surge in digital channel revenue.

Digital represents a key growth channel for Krispy Kreme. Globally, where the company has 15,811 total points of access, digital sales accounted for 15.5% of donut shop sales in the third quarter, up 290 basis points from 12.6% a year earlier.

Krispy Kreme alerted consumers to the security breach in a posting on its website.

“We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States,” the company said. “We know this is an inconvenience and are working diligently to resolve the issue. We immediately began taking steps to investigate, contain and remediate the incident with the assistance of leading cybersecurity experts and other advisers. We’ll have our online ordering up as soon as we can. Our fresh donuts are available in our shops as always. Additionally, many of you may also visit your nearest grocery or convenience store to enjoy our donuts.”

Krispy Kreme didn’t provide further details on the systems hack. But in the SEC filing, the company said it expects the incident to impact business operations and financials until the completion of recovery efforts.