Overview
- A November 2024 cyberattack exposed sensitive personal and financial data for more than 160,000 current and former Krispy Kreme employees, including names, birth dates, Social Security numbers, and account details.
- Plaintiffs and Krispy Kreme agreed to a proposed $1.6 million class-action settlement that was preliminarily approved in March and still requires a final court sign-off before any money or services are distributed.
- Eligible U.S. recipients who received a Notice of the Data Incident can choose an automatic $75 payment or submit an itemized claim for up to $3,500 that must include documentation like receipts or fraud records.
- Key deadlines: class members must file claims by June 22 to get a payment and must opt out by June 6 if they want to preserve separate legal rights; a final-approval hearing is scheduled for July 6, 2026.
- Krispy Kreme says it investigated and contained the breach with outside cybersecurity firms, notified law enforcement, and has offered affected employees credit monitoring, fraud consultation, and identity-restoration services.