Sign Up for Krispy Kreme Class Action Lawsuit
Krispy Kreme class action lawsuit is currently open:
Those who meet eligibility criteria should apply before the deadline June 19, 2026. Krispy Kreme suffered a cyberattack exposing employee SSNs, financial data, biometrics, and passport numbers — affecting current and former workers nationwide.
Krispy Kreme Class Action Lawsuit
A class action lawsuit has been filed against Krispy Kreme Doughnut Corporation due to a November 2024 cyberattack that exposed sensitive private information belonging to current and former employees across its 1,400+ U.S. locations.
The Krispy Kreme data breach class action case centers on the company's alleged failure to protect employee data stored in its corporate IT systems. On November 29, 2024, Krispy Kreme confirmed cybercriminals had accessed and acquired an exceptionally broad range of private information — including Social Security numbers, financial account credentials, driver's licenses, passport numbers, biometric data, US military ID numbers, and protected health information. The Krispy Kreme data breach legal claims include negligence, breach of implied contract, and violations of state consumer protection statutes.
Plaintiff Fortesa Bobo filed the first complaint on June 20, 2025 — seven months after the breach — followed by 14 additional lawsuits, all consolidated by the court on September 18, 2025. Class counsel includes Scott Cole of Cole & Van Note, Jeff Ostrow of Kopelowitz Ostrow P.A., Mariya Weekes of Milberg PLLC, and David Wilkerson of Wilkerson Law. The case reached a settlement agreement in under eight months, filed January 27, 2026.
Krispy Kreme Class Action Settlement - $1,616,760
The latest Krispy Kreme data breach settlement update: Krispy Kreme Doughnut Corporation has agreed to a $1,616,760 settlement fund to resolve claims that it failed to protect current and former employee private information from a November 2024 cyberattack.
The Krispy Kreme data breach settlement eligibility covers all living U.S. residents who received a breach notice from Krispy Kreme confirming their private information was impacted — meaning class membership is entirely notice-based, with no self-attestation pathway. This is an employee-only settlement; customers are not covered. As part of the Krispy Kreme lawsuit settlement amount, every class member automatically receives one year of credit monitoring with $1,000,000 in identity theft insurance at no deductible — without filing a claim.
Deadline for filing a claim: June 19, 2026
Employee Data Breach Class Action Payout: $75 - $3,500
The Krispy Kreme settlement amount per person depends on which option you choose. Claimants with documented fraud or identity theft losses can claim up to $3,500 with supporting documentation. Those without proof receive a flat ~$75 alternative cash payment, subject to pro rata adjustment based on total valid claims submitted. If you're wondering how much will I get from the Krispy Kreme data breach lawsuit, the flat $75 is the baseline — but actual amounts may shift up or down based on claim volume.
The Krispy Kreme settlement payout date is tied to the final approval hearing on July 6, 2026 at 9:30 AM EDT. If approved without appeals, payments are distributed thereafter — the settlement does not specify a fixed payment window
Employee Data Breach Class Action Settlements
Employee Data Breach Class Action Eligibility
A class action lawsuit has been filed against Krispy Kreme Doughnut Corporation due to a November 2024 cyberattack that compromised the private information of current and former employees stored in its corporate IT systems.
Are you a Krispy Kreme data breach class action claimant? You qualify if:
- You are a living individual residing in the United States
- You were sent a breach notice from Krispy Kreme confirming your private information may have been impacted in the November 29, 2024 data incident
- You are a current or former Krispy Kreme employee — customers are not covered
- You have not previously released claims against Krispy Kreme related to this incident
- You are not a company insider, settlement administrator employee, or judge presiding over the case
What the claim form asks
- Did you receive a data breach notice from Krispy Kreme for the November 2024 incident?
- Are you claiming Cash Payment A (documented losses, up to $3,500) or Cash Payment B (~$75 flat)?
- If claiming documented losses — can you provide receipts, statements, or records of fraud-related expenses?
- Payment preference and contact information
This is one of the few data breach settlements where eligibility is 100% notice-gated — Krispy Kreme's own internal records determine who is in the class. If you were not sent a breach notice, you cannot self-certify into the settlement regardless of your employment history with the company.
Employee Data Breach Class Action Claim Form
1
2
3
FAQ
Employee data only. The breach targeted Krispy Kreme's corporate HR systems, not its customer loyalty platform or point-of-sale systems. If you bought doughnuts but never worked for Krispy Kreme, you are not covered by this settlement.
Krispy Kreme detected the breach November 29, 2024, but completed its internal data review on approximately May 22, 2025, and began sending notices around June 16, 2025. Plaintiffs argue this delay prevented employees from taking timely protective action.
The breach included an unusually wide scope: biometric data, US military ID numbers, USCIS/Alien Registration Numbers, passport numbers, digital signatures, protected health information, and credit/debit card security codes — rare in a food-service industry breach.
No. Every class member automatically receives one year of credit monitoring with $1,000,000 in identity theft insurance and no deductible, simply by staying in the settlement. Your activation code was included on your postcard notice.
Fifteen total. Fortesa Bobo filed first on June 20, 2025. Fourteen more followed, all consolidated into a single action by the court on September 18, 2025 — less than three months after the first filing.
Class counsel is requesting one-third of the total settlement fund — $538,920 — plus reimbursement of costs. Each of the 14 named plaintiffs is also seeking a $1,500 service award, paid from the settlement fund.
Yes. The ~$75 flat cash payment is explicitly subject to pro rata adjustment based on total valid claims submitted. If more people file than expected, the per-person amount goes down. The settlement describes it as an "estimated" amount, not a guaranteed floor.
No. Unlike many data breach settlements, this one contains no injunctive relief requiring Krispy Kreme to implement specific security upgrades, audits, or third-party assessments. The settlement is purely monetary.
Yes. Krispy Kreme Doughnut Corporation is publicly traded. The motion for preliminary approval describes the company as "a publicly traded international doughnut and coffeehouse chain," which means the breach would have required securities disclosure obligations separate from consumer notification.
Yes. Credit monitoring is automatic for all class members. You can additionally file a claim for either Cash Payment A (up to $3,500 with documentation) or Cash Payment B (~$75 flat) — but you must choose one cash option, not both.