The company has confirmed the incident and stated that its technical team is actively working to resolve the issue.
Krispy Kreme reported that the breach influenced its web-based platforms but did not affect in-store operations or the safety of customers' personal data.
The attack was first discovered at the end of November, the company said in a filing with Securities Exchange Commission (SEC).
Krispy Kreme said it "immediately began taking steps to investigate, contain, and remediate the incident with the assistance of leading cybersecurity experts."
Krispy Kreme shops globally are open, and consumers are able to place orders in person, but the company said it is "is experiencing certain operational disruptions, including with online ordering in parts of the United States."
Daily fresh deliveries to retail and restaurant partners have been continuing uninterrupted.
The company said it continues to work "diligently to respond to and mitigate the impact from the incident, including the restoration of online ordering," and has notified federal law enforcement.
"As the investigation of the incident is ongoing, the full scope, nature, and impact of the incident are not yet known," Krispy Kreme said.
Check back to Daily Voice for updates.
Click here to follow Daily Voice Annapolis and receive free news updates.