Advertiser Disclosure
All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this
site are from third-party advertisers from which All About Cookies receives compensation. This compensation
may impact how and where products appear on this site (including, for example, the order in which they
appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor
do
we include all companies or all available products. Information is accurate as of the publishing date and
has
not been provided or endorsed by the advertiser.
Close
Editorial Policy
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help
you, our reader, make online privacy decisions with confidence. Here’s what you can expect from us:
-
All About Cookies makes money when you click the links on our site to some of the products and offers that
we mention. These partnerships do not influence our opinions or recommendations. Read more about how we
make money. - Partners are not able to review or request changes to our content except for compliance reasons.
-
We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we
cannot guarantee we haven’t missed something. It’s your responsibility to double-check all information
before making any decision. If you spot something that looks wrong, please let us know.
Close
Customers and employees of Krispy Kreme had their Social Security numbers, financial data, and more stolen by a professional ransomware gang.
Now, over 160,000 Americans have until June 22 to claim their share of a $1.62 million settlement.
Extortionists don’t only target banks and tech companies. Any business that collects sensitive personal data is a potential target, and Krispy Kreme collected plenty.
How a ransomware gang stole 184 GB of Krispy Kreme data
Krispy Kreme detected unauthorized activity on portions of its IT systems on November 29, 2024, and disclosed the incident to the Securities and Exchange Commission shortly after. A months-long forensic investigation, completed in May 2025, determined that personal information was stolen from 161,676 people across the country.
The Play ransomware gang claimed responsibility for the attack. The FBI and CISA have identified Play as one of the most active and destructive ransomware operations currently operating, linked to attacks on approximately 900 organizations since it emerged in 2022. When Krispy Kreme reportedly refused to pay, Play published all 184 GB of stolen data publicly. That’s roughly the storage capacity to hold the complete personal files of every person affected, multiple times over.
In a now-removed notice on its website, Krispy Kreme acknowledged that the “vast majority of those receiving notices are affected Krispy Kreme employees, former employees, and members of their families.” That language suggests some customers were also affected.
What was taken is striking in its breadth. Stolen data includes:
- Social Security numbers
- Driver’s licenses
- Financial account numbers and login credentials
- Debit and credit card numbers with security codes
- Passport numbers
- Biometric data
- Health insurance details
- USCIS and Alien Registration numbers
- Military identification numbers
- Digital signatures
Who’s eligible for the settlement and what you could receive
Eligibility for the settlement depends on whether you received a breach notification from Krispy Kreme. Current and former employees are the most likely class members, given that the most sensitive data originated from them. Online customers whose financial data was stored in affected systems may also qualify.
Under the proposed settlement, eligible class members have two options. Anyone who can document identity theft, fraud, or out-of-pocket losses tied directly to the breach can claim up to $3,500. Those without measurable financial losses can claim an estimated $75 cash payment with no supporting documentation required.
One year of free credit monitoring and identity theft protection is also included, and you don’t need to file a separate claim to receive it. Class members are enrolled automatically.
According to the notice given to affected residents, Kroll Monitoring will provide ID theft protection, including single-bureau credit monitoring, fraud consultation, and identity theft restoration.
What to do right now
If you received a breach notification from Krispy Kreme:
1. File a claim at krispykremedatasettlement.com before June 22. Gather any receipts, bank statements, or documentation of losses if you’re going for the full $3,500.
2. Set up identity theft monitoring to catch any misuse of your SSN or financial credentials before it compounds.
3. Remove your data from broker databases to reduce the number of places your information lives.
According to an All About Cookies survey on identity theft in America, nearly two in five identity theft victims (38%) had their data stolen through an online data breach. The data stolen in this breach is a particularly dangerous combination: identifying information like SSNs and passport numbers, paired with financial access credentials. That pairing is exactly what identity thieves use to open fraudulent accounts, file false tax returns, or drain accounts before a victim notices anything is wrong.
The risk extends beyond this specific breach. Your SSN, card numbers, and home address exist in more places than you’ve likely tracked: past employers, old loyalty apps, one-time checkout forms from years ago. A breach at any of those companies can push that information into criminal hands.
Krispy Kreme won’t be the last company you’ve trusted that gets hit by ransom attacks. Play alone has conducted hundreds of attacks. Similar extortion groups, like ShinyHunters, are just as active right now, as shown by the Canvas data breach.
Protect your identity and reduce your exposure
Identity theft protection services monitor for signs that your information is being misused:
- Alerts when your SSN appears in a new credit application
- Notifications when your data surfaces on the dark web
- Insurance and live support if your identity is actually compromised
For someone who just learned their SSN was exposed in a ransomware gang’s data dump, that early warning system is the difference between catching fraud early and cleaning up a mess months later.
Look for a service that bundles credit alerts, dark web monitoring, and identity restoration support — the three things you need most after a breach like this one. Comprehensive ID theft protection services also fold in data removal services.
Automated data removal is a proactive approach in which opt-out and deletion requests are submitted on your behalf to the databases that aggregate and sell your personal information. Reducing how many places your data lives is a way to stay ahead of breaches you won’t hear about until it’s too late.
Bottom line
File a claim at krispykremedatasettlement.com by June 22 if you received a breach notification. You may be owed up to $3,500, and the free year of credit monitoring is already in motion if you’re part of the class.
The Krispy Kreme data is already out there. Check whether your information has appeared in any recent breaches or on the dark web by running a free data exposure scan.
Author Details
Kate Quinlan is a Senior Editor at All About Cookies, where she has tested dozens of digital security tools and contributed to more than 370 articles spanning web hosting, VPNs, ad blockers, parental controls, and data security. Before joining AAC, she managed a team of more than 150 writers at SuperSummary, where she developed editorial standards at scale. She holds a B.A. in Professional Writing from Kutztown University.
Click Here For The Original Source.
