Krispy Kreme data breach sparks class action lawsuit

Krispy Kreme class action lawsuit overview:

• Who: A former employee of Krispy Kreme Doughnut Corp. has filed a proposed class action lawsuit against the company.
• Why: The plaintiff claims Krispy Kreme failed to properly protect its current and former employees’ personal information before a November 2024 data breach.
• Where: The Krispy Kreme class action lawsuit was filed in North Carolina federal court.

A former Krispy Kreme Doughnut employee has filed a proposed nationwide class action lawsuit against the company, claiming it failed to properly protect its current and former workers’ personal information before a November 2024 data breach.

Plaintiff Lily Peace claims Krispy Kreme and other food chains similar to it are “particularly vulnerable” to cyberattacks like the one the company discovered in November 2024.

The plaintiff argues, however, that despite purportedly knowing about the vulnerability, Krispy Kreme failed to engage in proper security procedures.

Krispy Kreme’s notice to its affected current and former employees said that 161,676 individuals’ private information was exposed as a result of the hack, the lawsuit states.

The plaintiff’s Krispy Kreme data breach class action lawsuit is one of several brought against the company over the November 2024 data breach, including at least seven others in North Carolina federal courts alone.

Krispy Kreme failed to encrypt, redact private information, class action alleges

Peace claims Krispy Kreme allegedly failed to comply with its data security obligations under the Federal Trade Commission Act, the Health Insurance Portability and Accountability Act and general industry guidelines for data security.

“Defendant failed to adequately protect plaintiff’s and class members’ private information — and failed to even encrypt or redact this highly sensitive information,” the Krispy Kreme data breach class action states.

“This unencrypted, unredacted private information was compromised due to the defendant’s negligent and/or careless acts and omissions and its utter failure to protect its employees’ sensitive data,” the lawsuit added.

Peace wants to represent a proposed class of all persons in the United States whose private information may have been exposed in the November 2024 data breach.

The plaintiff claims Krispy Kreme is guilty of negligence, breach of implied contract and unjust enrichment and is demanding a jury trial, declaratory and injunctive relief and an award of compensatory and nominal damages for herself and all class members.

Lafayette Federal Credit Union is also facing multiple class action lawsuits alleging negligence in protecting customer information prior to a data breach.

Did you work for Krispy Kreme during the time of the data breach? Let us know in the comments.

The plaintiff is represented by David M. Wilkerson of Wilkerson Justus PLLC and Mariya Weekes of Milberg Coleman Bryson Phillips Grossman PLLC.

The Krispy Kreme data breach class action lawsuit is Peace v. Krispy Kreme Doughnut Corp., Case No. 3:25-cv-00436, in the U.S. District Court for the Western District of North Carolina.

Read About More Class Action Lawsuits & Class Action Settlements:

• Walgreens escapes lawsuit alleging L’Oreal hair relaxer caused plaintiff’s sister to die from cancer
• Casely hit with class action lawsuit over power pods overheating and catching fire
• Class action claims ‘preservative-free’ Emerald Nuts include artificial ingredient
• Class action alleges Nature’s Garden Yoggies contain no probiotics