[ad_1]
Krispy Kreme has reached a $1.6 million settlement agreement to resolve a proposed class‑action lawsuit tied to a 2024 cyberattack on the Charlotte-based doughnut maker.
The settlement is a major step toward compensating more than 161,000 current and former employees whose personal information was exposed in a 2024 cyberattack, according to the latest filings in U.S. District Court for the Western District of North Carolina.
Court filings from Krispy Kreme and the plaintiffs jointly emphasize the risks and uncertainties of continuing litigation, including challenges in proving damages, the evolving legal landscape for data breach claims and the potential for lengthy appeals.
The plaintiffs argue the settlement provides “meaningful and immediate relief” compared to the delays of trial.
Krispy Kreme denied wrongdoing but agreed to the settlement to avoid further costs and disruption, court records show.
Krispy Kreme officials did not respond to a request for comment Thursday.
About the Krispy Kreme data breach
Krispy Kreme discovered unauthorized access to its systems on Nov. 29, 2024, later confirming that cybercriminals had acquired a range of employee data. Exposed information included Social Security numbers, financial account information, driver’s license details, passport numbers, and even health and biometric data.
An internal review ended on May 22, 2025, according to the court filing. On June 16, Krispy Kreme began notifying people who were possibly impacted, The Charlotte Observer previously reported.
About 19,665 people were affected in North Carolina and 7,200 in South Carolina, the Observer reported.
The first lawsuit was filed on June 20, 2025, and 14 more followed. In September, the U.S. District Court for the Western District of North Carolina consolidated the cases and appointed interim class counsel.
Krispy Kreme proposed settlement terms
The agreement establishes a more than $1.6 million non-reversionary settlement fund, meaning none of the money returns to Krispy Kreme even if claims are low, according to the court filing.
The fund would provide:
- Up to $3,500 for class members with documented financial losses.
- An estimated $75 cash payment for those without documentation.
- One year of credit monitoring with identity‑theft insurance for all class members.
- All payments may be prorated depending on the number of valid claims.
Epiq Class Action & Claims Solutions, a national settlement administrator, would oversee the claims process. Notices would be distributed via postcard, publication, a website and a toll‑free hotline. Class members would have until 15 days before the final approval hearing to submit claims and 30 days before the hearing to object or opt out.
If the settlement receives final court approval, payments and credit‑monitoring benefits would begin after the effective date.
About Krispy Kreme
The 89-year-old doughnut company, best known for its “Hot Now” glazed doughnuts, started in Winston-Salem. Krispy Kreme moved its corporate offices and test kitchen in 2019 to Charlotte’s South End at 2116 Hawkins St.
In May 2025, the publicly-traded company stated during its first quarter earnings report that remediation of the 2024 cybersecurity incident cost Krispy Kreme about $4.4 million related to the incident. That included fees for cybersecurity experts and other advisors.
The doughnut chain operates in 40 countries and has more than 20,000 employees worldwide.
[ad_2]
Catherine Muccigrosso
Source link