Fraud and donuts. The words don’t necessarily go hand and hand. But the comparison of fraud to a donut, while seemingly unusual, holds some interesting and surprisingly relevant points. A donut can be appealing and enticing with its glaze and sprinkles, while fraud can initially appear legitimate or even attractive to potential victims. And the hole in the center of a donut reveals the emptiness or deception at the core of the scheme. A donut is easy to consume. Falling victim to fraud can also be deceptively easy, although the financial losses, stress, and potential legal ramifications can be much harder to digest and recover from. And the list goes on. But if one didn’t still see how donuts and fraud go together, then listen to the announcement made by Krispy Kreme on May 22, 2025.
In a mandatory SEC filing, Krispy Kreme, the distributor of deliciousness and donuts, announced that it had suffered a cyber-attack. On November 29, 2024, Krispy Kreme became aware of unauthorized activity on a portion of its information technology systems. Upon further investigation, and announced on May 22, 2025, Krispy Kreme determined that certain personal information of their employees and family were compromised.
The fraudster may have siphoned sensitive personal information, including names, Social Security numbers, dates of birth and driver’s license or state ID numbers. The thief also seems to have copied financial data such as financial account access records, credit or debit card entries, along with security codes, as well as usernames and passwords to financial accounts. Other customer data that might have been seized include digital signatures, usernames and passwords, email addresses and passwords, biometric records, USCIS or Alien Registration Numbers, US military ID numbers, medical or health records and health insurance information.
Great job by Krispy Kreme who sent letters of notification immediately to affected customers and getting this bad news out to the public as quickly as possible.
Today’s Fraud of The Day is based on article “Hackers Hit Krispy Kreme – 161,676 Americans Warned Social Security Numbers, Names, Drivers Licenses and Other Sensitive Data At Risk” published by The Daily HODL on June 28, 2025.
Krispy Kreme is warning tens of thousands of Americans that they are now at risk of identity theft and fraud following a major cybersecurity incident.
In a new filing with the Office of the Maine Attorney General, the doughnut and coffeehouse giant says it has discovered a computer hack affecting 161,676 employees, former employees and members of their families. In a statement, the firm says that an unknown actor gained unauthorized access to the retailer’s information technology systems, stealing multiple types of data.
