- More than 160,000 people had their Krispy Kreme leaked data
- The victims are mainly employees and their relatives.
- The perpetrator is still unknown
Krispy Kreme has revealed exactly what details were exposed in the violation that affected the Donas company in November 2024.
161,676 people were affected by the violation, and most were the staff and their relatives, the company said in a presentation before the office of Maine’s attorney general.
The violation saw a wide range of confidential information stolen, putting many of the victims at risk of credit fraud, identity theft and more.
A lot of data
The complete list of stolen data in the violation includes:
- Names
- Social Security Numbers
- Birth dates
- Driver’s license or state identification numbers
- Financial Account Information
- Access information to the financial account
- Credit or debit card information
- Credit or Debit card information in combination with a safety code, username and password to a financial account
- Passport numbers
- Digital signatures
- User names and passwords
- Email addresses and passwords
- Biometric data
- USCIS or foreigners registration numbers
- US military identification numbers
- Medical or health information
- Health Insurance Information
While not all involved will have had all the previous leaked data, it illustrates how important it is to properly protect confidential information, especially when it comes to the credit card and payment details.
It seems that all data may have been grouped into a single database, which makes it much easier for attackers to steal such information treasure.
The victims were offered 12 months of credit monitoring and protection against identity theft, which has become a tradition for large companies affected by confidential data violations.
Krispy Kreme now shows a statement that exposes the details of data violation: “On November 29, 2024, Krispy Kreme realized the unauthorized activity on a part of its information technology systems. Upon learning of the unauthorized activity, we immediately begin to take measures to investigate, contain and contain and remedy the incident with the assistance of the main experts in cyberbies.”
“On May 22, 2025, our research on the incident determined that certain personal information was affected. There is no evidence that the information has been used improper, and we do not know any report of theft or identity fraud as a direct result of this incident. This notification has not been delayed as a result of an investigation of application of the law,” says the statement.
There is no confirmation about who was behind the rape, but immediately after the dissemination of Krispy Kreme, the gaming gang of game was attributed the responsibility.
Bleepingcomputer Claims The Game gang said that supposedly stolen files contain “private and personal confidential data, client documents, payroll, accounting, contracts, taxes, identifications, financial information” and more, but did not provide any proof of their activity.
