Major U.S. multinational doughnut and coffeehouse chain Krispy Kreme was claimed to have been breached by the Play ransomware operation, which warned of exposing the entire data trove exfiltrated from its networks late last month by Saturday, reports Cybernews.
Details regarding the amount of data stolen from Krispy Kreme have not been provided but Play asserted the theft of the pastry giant's financial information, private and personal confidential information, client files, accounting, budget, and payroll details, taxes, contracts, and IDs. Such a development comes as Krispy Kreme disclosed restoring most of its online ordering processes that had been disrupted by the intrusion, which was initially disclosed to the Securities and Exchange Commission on Dec. 11. Meanwhile, nearly 350 organizations, most of which were in the U.S., Canada, Latin America, and Europe, have been compromised by Play ransomware over the past year, making it the third most prolific ransomware gang this year behind LockBit and RansomHub, according to the Cybernews Ransomlooker monitoring tool.
