Krispy Kreme's $1.6 million data breach settlement deadline nears

Krispy Kreme agreed to a $1.6 million settlement over a Nov. 2024 data breach that exposed sensitive personal information belonging to roughly 161,000 current and former employees — and the deadline to file a claim is June 22, 2026.

The settlement website says the exposed data included names, dates of birth, Social Security numbers, and financial account details. Krispy Kreme announced the breach in December 2024 and settled the case in March. The company says it did nothing wrong and is not admitting liability.

To qualify, individuals must be U.S. residents who received a notification indicating that their personal data may have been exposed. A flat $75 payment is available to claimants who submit no supporting documentation, though the final figure is subject to change based on overall claim volume. For those who experienced fraud or identity theft as a result of the breach, up to $3,500 in reimbursement is available — provided the claim form is accompanied by supporting evidence such as receipts, correspondence, or phone records.

Claims can be submitted online or by mail. Any claim form sent through the mail needs to carry a postmark no later than June 22, 2026. The settlement administrator can also be reached by phone at 877-239-1879 or by writing to Krispy Kreme Data Incident Settlement Administrator, PO Box 2047, Portland, OR 97208-2047.

The June 6, 2026 deadline applies to anyone seeking to remove themselves from the settlement or formally challenge its terms. Even those who skip the claims process entirely can access twelve months of free credit monitoring — activation requires the code that should have arrived with the mailed breach notification, the settlement website notes.

No payments will be issued until a judge grants final approval of the settlement.

View Comments