The incident, which happened in late November but was only just made public, has prevented some customers from placing online orders.
In a regulatory filing with the US Securities and Exchanges Commission (SEC) on Wednesday, Krispy Kreme disclosed the attack.
Although it made it clear that physical stores are still operating, it stated that the incident was “reasonably likely” to “have a material impact” on the company’s commercial operations.
“We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States,” the Krispy Kreme website states.
“We know this is an inconvenience and are working diligently to resolve the issue.”
In a statement, the company informed the news that it “immediately” began an investigation.
