Skip to content 
Krispy Kreme has agreed to a proposed $1,616,760 class action settlement over a data incident discovered in November 2024, creating a narrow window for eligible people to seek cash compensation.
The largest possible Krispy Kreme settlement payout amount is $3,500, but only for class members who can document losses tied to fraud or identity theft connected to the breach.
Who Qualifies
The settlement is not open to every Krispy Kreme customer. According to the official court-authorized notice, the class includes living individuals in the United States who were sent notice that their private information may have been affected.
The settlement agreement says cybercriminals accessed and acquired private information belonging to 161,676 former and current Krispy Kreme employees.
The information involved may have included names, dates of birth, Social Security numbers and financial account access information, according to the official notice. That mix of data explains why the settlement centers on fraud, identity theft and credit monitoring rather than ordinary consumer inconvenience.
How Much People Can Get
Eligible class members have two cash options. Those with documented losses can submit a claim for up to $3,500. Acceptable documentation may include telephone records, correspondence such as emails, or receipts.
Personal statements alone do not qualify as reasonable documentation, although they may help explain other evidence.
A second option allows class members to request an estimated $75 cash payment without documenting losses. That figure is not guaranteed.
The settlement notice says payments can rise or fall on a pro rata basis depending on the number and total value of valid claims submitted.
Credit Monitoring Comes Separately
All settlement class members are also set to receive 1 year of credit monitoring without submitting a claim form. The notice says that benefit becomes active only after final approval and once the settlement becomes effective.
People who do nothing will receive no cash payment, but they will still receive credit monitoring and give up certain legal rights tied to the case.
Key Deadlines
Cash claims must be submitted online or postmarked by June 22, 2026. Anyone who wants to opt out or object must act by June 6, 2026.
A final approval hearing is scheduled for July 6, 2026, before U.S. District Judge Max O. Cogburn Jr. in Charlotte, North Carolina.
What Krispy Kreme Reported
Krispy Kreme disclosed the cybersecurity incident in a December 2024 filing with the Securities and Exchange Commission.
The company said it was notified on November 29, 2024, about unauthorized activity on part of its information technology systems and began working with cybersecurity experts to investigate, contain and remediate the incident.
The company said its shops remained open for in-person orders, but online ordering in parts of the United States was disrupted.
Reuters reported at the time that Krispy Kreme shares fell about 2% in premarket trading after the disclosure, while the company warned that digital sales losses and response costs were reasonably likely to have a material impact during recovery.
No Admission of Wrongdoing
The settlement still requires final court approval. Settlement documents state that no benefits will be paid unless the court approves the deal.
Krispy Kreme has denied wrongdoing, and the settlement resolves the litigation without a court finding that the company violated the law.
