Glazed and Confused: The Krispy Kreme Data Breach That Left Customers in a Sticky Situation

• by Olivia Lawlor-Blackburn
• General

In recent months, several organisations have experienced significant data breaches, underscoring the critical need for robust cybersecurity measures and proactive strategies, particularly in employee training.

In late November 2024, Krispy Kreme faced a cyberattack that disrupted its online ordering system across parts of the United States. The Play ransomware group claimed responsibility, alleging the theft of sensitive personal and financial data. This breach not only hindered customer transactions but also raised concerns about the potential misuse of compromised information.

Another example only last month, Reading Cooperative Bank (RCB), a Massachusetts-based lender, suffered a security incident stemming from a phishing attack. An employee inadvertently clicked on a phishing email from a known sender within the banking industry, potentially compromising personal information. This breach affected over 24,000 individuals, highlighting the severe consequences of sophisticated phishing schemes.

These incidents emphasise the necessity for organisations to adopt proactive cybersecurity strategies rather than reactive responses. Proactive measures involve identifying and mitigating potential threats before they materialise, thereby safeguarding sensitive data and maintaining customer trust.

Some of these key proactive strategies could include:

• Regular Security Assessments: Conducting thorough evaluations of IT infrastructures to identify and address vulnerabilities.
• Employee Training: Educating staff about cybersecurity best practices to prevent human errors that could lead to breaches.
• Access Controls: Implementing strict access controls ensures that only authorised personnel can access sensitive information, reducing the risk of internal threats.

Why Focus on Employee Training?

• Mitigating Human Error: A significant proportion of data breaches involve human elements, such as falling for phishing scams or mishandling sensitive information. Proper training equips employees with the knowledge to recognise and avoid potential threats.
• Reducing Financial Impact: Organisations that implement regular cybersecurity training for employees can see substantial cost benefits. For instance, employee training has been shown to reduce the cost of a data breach by an average of $232,867 according to SentinelOne.
• Enhancing Incident Response: Trained employees are better prepared to detect and respond to security incidents promptly, minimizing potential damage

By prioritising employee training and adopting proactive cybersecurity measures, businesses can significantly reduce the risk of data breaches, protect their reputation, and maintain customer trust.

Looking for information on Advent IM Data Protection Training? Visit our courses here.