A data breach that exposed some of the most sensitive personal information led to a settlement
The deadline to submit a claim in Krispy Kreme’s $1.6 million data breach settlement is Monday, June 22, and anyone who qualifies needs to act before the day is out. Claims must be submitted online or postmarked by that date to be eligible for a cash payout.
The settlement stems from a class action lawsuit alleging that the doughnut chain failed to adequately protect employee data after a cyberattack in November 2024. Krispy Kreme detected suspicious activity on its computer systems on November 29, 2024, and confirmed that cybercriminals accessed and stole personal information belonging to 161,676 current and former employees. The stolen data included names, dates of birth, Social Security numbers, and financial account access information.
Krispy Kreme denies any wrongdoing or liability as part of the settlement agreement.
Who qualifies and what they can receive
Eligibility is limited to individuals residing in the United States who were sent a notice indicating their personal information may have been affected by the breach. If you received that notice, you are considered a class member and can file a claim on the settlement website or by mail using the address on the claim form. Claims can also be requested by calling 877-239-1879.
All class members who file are eligible to receive a $75 cash payment, though the actual amount per claimant could shift depending on how many total claims are submitted before the deadline.
Class members who experienced documented losses as a result of the breach, including fraud, identity theft, or related out-of-pocket expenses, can claim up to $3,500 in reimbursement. Supporting documentation is required, including receipts, emails, or phone records that connect the losses to the breach.
Class members who do not submit a claim before the deadline will still receive one year of credit monitoring at no cost. Activation codes for that service were included on the postcard notices sent to eligible employees.
What the breach cost Krispy Kreme beyond the settlement
The financial damage from the 2024 cyberattack extended well beyond the settlement itself. According to the company’s first quarter 2025 earnings report, Krispy Kreme recorded approximately 5 million dollars in operational inefficiencies tied directly to the incident, with 4.4 million of that figure attributed to remediation costs including fees for cybersecurity experts and outside advisors.
The $1.6 million settlement represents the company’s agreed resolution of the class action claims, separate from those internal costs. For affected employees who have not yet filed, Monday is the last opportunity to receive any direct financial benefit from the case.
How to file before the deadline
Claims can be submitted through the settlement website at krispykremedatasettlement.com. Paper claim forms are available through the same site or by calling the administrator directly. For class members with documented losses, supporting materials must be attached to the claim form at the time of submission.
The settlement FAQ page on the website covers eligibility questions, payout calculations, and documentation requirements for those seeking the higher reimbursement tier. The deadline is firm and no extensions have been announced.