Krispy Kreme anticipates that the loss of online sales and other costs from an information technology hack will result in “a material impact” on the company’s business operations and finances.
The Charlotte-based doughnut retailer disclosed in a securities filing earlier this week that it learned Nov. 29 about “unauthorized activity on a portion of its information technology systems.” It disrupted some operations, including digital ordering in parts of the U.S.
The cyberattack sets back Krispy Kreme, which last month reported an adjusted quarterly loss and said it would earn less this year than previously expected. It cited increasing digital sales as a contributor to the company’s 17th consecutive quarter of year-over-year organic sales growth.
As he seeks to revive earnings, CEO Josh Charlesworth said the company plans to maximize profitable expansion in the U.S. and focus more on its franchise model overseas. He said he’s also restructuring management teams to “better align our talent.”
This week’s filing said the company doesn’t expect the hacking to cause a long-term material impact on its results of operations and financial condition.
“Krispy Kreme shops globally are open, and consumers are able to place orders in person, but the company is experiencing certain operational disruptions,” the filing said. “Daily fresh deliveries to our retail and restaurant partners are uninterrupted.”
When it learned about the cyberattack, the company “immediately began taking steps to investigate, contain, and remediate the incident with the assistance of leading cybersecurity experts,” according to the filing. It “continues to work diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering, and has notified federal law enforcement.”
Krispy Kreme said it doesn’t yet know “the full scope, nature and impact of the incident. As of the date of this filing, the incident has had and is reasonably likely to have a material impact on the company’s business operations until recovery efforts are completed.”
The company cited costs related to the incident, including the loss of revenue from digital sales during the recovery, fees for cybersecurity experts and other advisers, and costs to restore impacted systems. It expects cybersecurity insurance to offset a portion of the costs.
Krispy Kreme shares traded midday Thursday around $10.20, up around 1.65% or 17 cents. For the year, shares are down more than 23%.