Krispy Kreme employees may get more than just free donuts, with a portion of a $1.6 million settlement still up for grabs.
The settlement follows a class action lawsuit filed on behalf of individuals affected by a November 2024 data breach. A cyberattack compromised the personal information—including names, numbers, dates of birth, social security information, and financial accounts—of over 160,000 current and former employees.
The breach was disclosed by Krispy Kreme in December 2024 and a preliminary settlement approval was reached in March. Those affected who wish to submit a claim must do so by June 22 to receive a payment.
Qualifying employees must be residents in the U.S. and must have received a Notice of the Data Incident via email, letting them know their data was compromised during the attack.
“Upon learning of the unauthorized activity, we immediately began taking steps to investigate, contain, and remediate the incident with the assistance of leading cybersecurity experts,” the individual notice said. “In addition to containing the incident, we contacted law enforcement and engaged leading cybersecurity firms to assist us in assessing the incident’s scope and cause.”
Employees were also offered identity monitoring services like credit monitoring, fraud consultation, and identity theft restoration, the notice said.
Those who believe they have been affected but did not receive a notice should contact the settlement administrators. Eligible class members may accept a single payment of $75 or go the extra mile by submitting an itemized claim form for up to $3,500. Individuals may file by mail or online via the settlement’s website. The itemized claim must provide proof like receipts, emails or phone records.
Persons affected by the security breach who wish to reserve their right to sue in the future may opt out of the settlement if they do so before June 6.
