Strauss Borrelli PLLC, a leading data breach law firm, is investigating Krispy Kreme Doughnut Corporation (“Krispy Kreme”) regarding its recent data breach. The Krispy Kreme data breach involved sensitive personal information belonging to an undetermined number of individuals.
ABOUT KRISPY KREME DOUGHNUT CORPORATION:
Krispy Kreme is a food service company based in North Carolina. Founded in 1937, Krispy Kreme provides doughnuts in over 30 countries through its doughnut shops, retail partnerships, and Ecommerce and delivery business.3 Headquartered in Winston-Salem, North Carolina and Charolotte, North Carolina, Krispy Kreme employs over 10,000 individuals.3,4
WHAT HAPPENED?
On June 16, 2025, Krispy Kreme reported to the Attorney General of the Commonwealth of Massachusetts that the sensitive personal identifiable information in its care was accessed without authorization.1 In the sample breach notice, Krispy Kreme does not elaborate on the nature of the security incident.1 While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Driver’s license
- Financial account numbers
As a result of the breach, Krispy Kreme began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Massachusetts residents, Krispy Kreme is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the breach notification letters that Krispy Kreme filed with the Attorney General of the Commonwealth of Massachusetts is below.
If you received a breach notification letter from Krispy Kreme Doughnut Corporation:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
