Krispy Kreme Data Breach Settlement: How to Claim Up to $3,500 Before the June 22 Deadline

161,000 Krispy Kreme customers and employees had their Social Security numbers, card data, and more stolen in a ransomware attack. Here's who qualifies for the settlement and how to claim up to $3,500 before June 22.

Customers and employees of Krispy Kreme had their Social Security numbers, financial data, and more stolen by a professional ransomware gang.

Now, over 160,000 Americans have until June 22 to claim their share of a $1.62 million settlement.

Extortionists don't only target banks and tech companies. Any business that collects sensitive personal data is a potential target, and Krispy Kreme collected plenty.

How a ransomware gang stole 184 GB of Krispy Kreme data

Krispy Kreme detected unauthorized activity on portions of its IT systems on November 29, 2024, and disclosed the incident to the Securities and Exchange Commission shortly after. A months-long forensic investigation, completed in May 2025, determined that personal information was stolen from 161,676 people across the country.

The Play ransomware gang claimed responsibility for the attack. The FBI and CISA have identified Play as one of the most active and destructive ransomware groups currently operating, linked to attacks on approximately 900 organizations since it emerged in 2022. When Krispy Kreme reportedly refused to pay, Play published all 184 GB of the stolen data. That is roughly enough storage to hold the complete personal files of every person affected, multiple times over.

In a now-removed notice on its website, Krispy Kreme acknowledged that the "vast majority of those receiving notices are affected Krispy Kreme employees, former employees, and members of their families." That language suggests some customers were also affected.

What was taken is striking in its breadth. Stolen data includes:

  • Social Security numbers
  • Driver's licenses
  • Financial account numbers and login credentials
  • Debit and credit card numbers with security codes
  • Passport numbers
  • Biometric data
  • Health insurance details
  • USCIS and Alien Registration numbers
  • Military identification numbers
  • Digital signatures

Who's eligible for the settlement and what you could receive

Eligibility for the settlement depends on whether you received a breach notification from Krispy Kreme. Current and former employees are the most likely class members, given that the most sensitive data originated from them. Online customers whose financial data was stored in affected systems may also qualify.

Under the proposed settlement, eligible class members have two options. Anyone who can document identity theft, fraud, or out-of-pocket losses tied directly to the breach can claim up to $3,500. Those without measurable financial losses can claim an estimated $75 cash payment with no supporting documentation required.

One year of free credit monitoring and identity theft protection is also included, and you don't need to file a separate claim to receive it. Class members are enrolled automatically.

According to the notice given to affected residents, Kroll Monitoring will provide ID theft protection, including single-bureau credit monitoring, fraud consultation, and identity theft restoration.

The claim deadline is June 22, 2026. If you received a breach notification, file at krispykremedatasettlement.com. Claiming the $3,500 maximum requires documentation of losses. The $75 flat payment requires none.

What to do right now

If you received a breach notification from Krispy Kreme:

1. File a claim at krispykremedatasettlement.com before June 22. Gather any receipts, bank statements, or documentation of losses if you're going for the full $3,500.

2. Set up identity theft monitoring to catch any misuse of your SSN or financial credentials before it compounds.

3. Remove your data from broker databases to reduce the number of places your information lives.

According to an All About Cookies survey on identity theft in America, nearly two in five identity theft victims (38%) had their data stolen through an online data breach. The data stolen in this breach is a particularly dangerous combination: identifying information like SSNs and passport numbers, paired with financial access credentials. That pairing is exactly what identity thieves use to open fraudulent accounts, file false tax returns, or drain accounts before a victim notices anything is wrong.

The risk extends beyond this specific breach. Your SSN, card numbers, and home address exist in more places than you've likely tracked: past employers, old loyalty apps, one-time checkout forms from years ago. A breach at any of those companies can push that information into criminal hands.

Krispy Kreme won't be the last company you've trusted that gets hit by ransom attacks. Play alone has conducted hundreds of attacks. Similar extortion groups like ShinyHunters are just as active right now.

Protect your identity and reduce your exposure

Identity theft protection services monitor for signs that your information is being misused:

  • Alerts when your SSN appears in a new credit application
  • Notifications when your data surfaces on the dark web
  • Insurance and live support if your identity is actually compromised

For someone who just learned their SSN was in a ransomware gang's data dump, that early warning system is the difference between catching fraud early and cleaning up a mess months later.

Look for a service that bundles credit alerts, dark web monitoring, and identity restoration support — the three things you need most after a breach like this one. Comprehensive ID theft protection services also fold in data removal services.

Automated data removal is a proactive approach in which opt-out and deletion requests are submitted on your behalf to the databases that aggregate and sell your personal information. Reducing how many places your data lives is a way to stay ahead of breaches you won't hear about until it's too late.

Bottom line

File a claim at krispykremedatasettlement.com by June 22 if you received a breach notification. You may be owed up to $3,500, and the free year of credit monitoring is already in motion if you're part of the class.

The Krispy Kreme data is already out there. Check whether your information has appeared in any recent breaches or on the dark web by running a free data exposure scan.

Author Details
Kate Quinlan is a Senior Editor at All About Cookies, where she has tested dozens of digital security tools and contributed to more than 370 articles spanning web hosting, VPNs, ad blockers, parental controls, and data security. Before joining AAC, she managed a team of more than 150 writers at SuperSummary, where she developed editorial standards at scale. She holds a B.A. in Professional Writing from Kutztown University.