News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
Ordering some Krispy Kremes as a pre-holiday thank you for your team? You might want to have a backup spot just in case, because the donut chain is still having issues with its online ordering after disclosing a recent cyberattack.
The company is bracing for more short-term pain for its operations and finances, according to its 8-K disclosure form.
The material financial hit includes the costs of getting the breached systems up and running again, paying consultants, and lost digital sales while the systems were patchy. As of Dec. 17, according to a banner on KrispyKreme.com, “Online ordering has been restored for the majority of our shops.”.
Like the freshness of donuts, the effects of the attack could be fleeting. Krispy Kreme didn’t think the attack would “have a long-term material impact on its results of operations and financial condition,” although it was still piecing together “the full scope, nature, and impact of the incident” when it filed the 8-K on Dec. 11.
Pain in the digital transformation. The cyberattack is extra unfortunate because, as Food Business News reported, online orders are a growing share of Krispy Kreme’s sales. “Digital sales accounted for 15.5% of donut shop sales in the third quarter,” it reported, “up 290 basis points from 12.6% a year earlier.”
Low tech = low risk. A donut chain suffering from a cyberattack shows that it’s not just businesses “associated with high-tech services” that are at risk of harm, Alberto Farronato, chief marketing officer of Oasis Security, told Security Magazine. “[C]ybersecurity incidents can ripple across business operations and customer experiences,” he said, “causing operational disruptions, financial impact, and erosion of customer trust.”
The denial-of-donuts attack is one of at least several high-profile breaches this year to mess with a national restaurant chain, including the parent company of Panda Express this spring and Starbucks in November. The latter disruption resulted from a breach of a third-party system that Starbucks used to schedule employee shifts. For weeks, Starbucks-run stores in the US and Canada had to use manual replacements, including paper schedules, Bloomberg reported.