Krispy Kreme, the dispenser of delectable doughnuts, has revealed that an astonishingly wide range of personal information belonging to past and present employees, as well as members of their families, was accessed by hackers during a cyber attack last year.
The attack, which was first disclosed in a filing to the Securities and Exchange Commission (SEC) in December 2024, has now been revealed to have impacted 161,676 individuals.
What is perhaps most alarming, however, is not the number of people who have had their sensitive personal information breached, but rather the type of information that was taken:
- Names
- Dates of birth
- Email addresses, usernames, and passwords
- Social Security numbers
- Passport numbers
- Biometric data
- Credit or debit card information in combination with a security code, username, and password to a financial account
- Credit or debit card information
- Digital signatures
- Driver's license or state ID numbers
- Financial account access information
- Financial account information
- Health insurance information
- Medical or health information
- US military ID numbers
- USCIS or Alien Registration Numbers
This, let us not forget, is information that was being stored by a company that sells doughnuts.
750,000 Impacted by Data Breach at The Alcohol & Drug Testing Service