Krispy Kreme Data Breach Settlement: Your Personal Data Was Exposed in 2024, Here’s How to Claim Up to $3,500 Until June 22
If Krispy Kreme sent you a data breach notice after November 2024, you have until June 22, 2026 to claim up to $3,500 — or a no-proof-needed $75 cash payment. Krispy Kreme Doughnut Corp. agreed to pay $1,616,760 to settle a class action lawsuit tied to a data breach discovered on November 29, 2024, which resulted in unauthorized access to sensitive personal information belonging to an estimated 161,676 current and former employees. The settlement is now open for claims.
| Field | Detail |
| --- | --- |
| Settlement Amount | $1,616,760 |
| Claim Deadline | June 22, 2026 |
| Who Qualifies | Current and former Krispy Kreme employees who received a breach notice |
| Payout Per Person | Up to $3,500 (documented losses) or ~$75 (no proof required) |
| Proof Required | Yes for loss claims; No for $75 cash or credit monitoring |
| Settlement Status | Open for Claims |
| Administrator | Epiq Global (Krispy Kreme Data Incident Settlement Administrator) |
| Official Website | krispykremedatasettlement.com |
Where things stand right now:
- The settlement is open for claims — the deadline to opt out is June 6, 2026 and the claim deadline is June 22, 2026.
- The final approval hearing is set for July 6, 2026 in the U.S. District Court for the Western District of North Carolina (Case No. 3:25-cv-00434).
- Payments will go out to approved claimants approximately 75 days after the court grants final approval.
How the Play Ransomware Group Got Into Krispy Kreme’s Systems
The breach, attributed to the Play ransomware group, was discovered on November 29, 2024, and compromised sensitive data including Social Security numbers, health insurance details, dates of birth, driver’s license numbers, financial account information, and biometric data.
The class action lawsuit claimed that Krispy Kreme failed to protect current and former employees’ sensitive personal information — including names, dates of birth, Social Security numbers, driver’s license or state ID numbers, financial account information, credit or debit card information, biometric data, health and health insurance information, USCIS or Alien Registration Numbers, military ID numbers, email addresses, passwords, passport numbers, and digital signatures.
Plaintiffs argued that Krispy Kreme had a legal duty to protect that information and failed to meet basic cybersecurity standards before the attack. Krispy Kreme denied the allegations but agreed to settle to avoid the uncertainty and cost of ongoing litigation and a possible trial.
Former and Current Krispy Kreme Employees Who Got a Notice Can File
Class members are individuals in the United States who were sent a notice indicating that their private information may have been impacted in the Krispy Kreme data breach.
You likely qualify if:
- You are a current or former Krispy Kreme employee whose data was exposed in the November 2024 breach
- You received a breach notification letter from Krispy Kreme Doughnut Corp.
- Your notice included a Unique ID and PIN (you need both to file online)
- You reside in the United States
If you worked at Krispy Kreme but haven’t received a notice and believe your data was exposed, contact Epiq Global at 1-877-239-1879 or email [email protected] before the June 22, 2026 deadline.
The $3,500 vs. $75 Choice — Which Krispy Kreme Payout Option Is Right for You
The settlement offers three separate benefits. You can combine them as long as your total cash payment does not exceed $3,500.
Up to $3,500 for documented out-of-pocket losses. Class members can claim up to $3,500 in documented losses related to fraud or identity theft resulting from the data breach. Documentation is required for this claim, including receipts, invoices, bank or credit card statements showing unreimbursed fees and fraudulent charges, and other proof of identity theft or fraud that occurred due to the data breach.
An estimated $75 cash payment — no proof needed. Class members who do not submit a documented losses claim can instead receive a cash payment estimated at $75. The final payment amount depends on the total number of claims filed. This is the right option if you haven’t experienced direct financial losses but still want to participate.
One year of free credit monitoring — no claim form required. All class members automatically receive one year of one-bureau credit monitoring services, which includes $1,000,000 in identity theft insurance with no deductible, without having to submit a claim form. Activation codes were sent with your breach notice or are available from Epiq Global directly.
How to File Your Krispy Kreme Settlement Claim Before June 22, 2026
You can file online or by mailed paper form. Online is faster and gives you more payment options.
- Visit krispykremedatasettlement.com and click “Submit a Claim”
- Log in using the Unique ID and PIN from your breach notification letter
- Choose your claim type — documented losses (up to $3,500), alternate cash payment (~$75), or both if applicable
- Upload supporting documents if you are claiming out-of-pocket losses (bank statements, receipts, credit card statements showing fraudulent charges)
- Select your preferred payment method — PayPal, Venmo, Zelle, ACH transfer, or paper check
- Submit and save your confirmation number
To file by mail, download the PDF claim form at krispykremedatasettlement.com, complete it, and postmark it by June 22, 2026 to: Krispy Kreme Data Incident Settlement Administrator, PO Box 2047, Portland, OR 97208-2047.
Estimated time to complete: 10 minutes.
Key Dates in the Krispy Kreme Data Breach Settlement
| Milestone | Date |
| --- | --- |
| Krispy Kreme Breach Discovered | November 29, 2024 |
| Breach Attributed to Play Ransomware Group | 2024 |
| Class Action Lawsuit Filed | 2025 |
| Settlement Proposed | January 28, 2026 |
| Preliminary Approval Granted | March 2026 |
| Opt-Out / Exclusion Deadline | June 6, 2026 |
| Claim Filing Deadline | June 22, 2026 |
| Final Approval Hearing | July 6, 2026 |
| Expected Payment Date | ~75 days after final approval |
Frequently Asked Questions
Do I need a lawyer to file a Krispy Kreme settlement claim?
No. The claim form is straightforward and takes about 10 minutes to complete at krispykremedatasettlement.com. Class counsel — Kopelowitz Ostrow Ferguson Weiselberg Gilbert P.A., Milberg Coleman Bryson Phillips Grossman LLP, and Cole & Van Note — already represents all class members collectively.
Is the Krispy Kreme settlement website legitimate?
Yes. The official and only authorized claim site is krispykremedatasettlement.com, administered by Epiq Global under court supervision. The case is In Re: Krispy Kreme Data Security Litigation, Case No. 3:25-cv-00434, U.S. District Court for the Western District of North Carolina. Do not submit your personal information to any other site.
When will Krispy Kreme settlement payments go out?
Settlement payments will be issued to approved claimants approximately 75 days after the court grants final approval. The final hearing is July 6, 2026, which puts the earliest likely payment window around September or October 2026.
What if I missed the Krispy Kreme claim deadline?
The deadline to file is June 22, 2026. If you miss it, you will not receive a cash payment. The opt-out deadline is June 6, 2026 — missing that means you remain in the class and give up the right to sue Krispy Kreme separately over this breach.
Will the Krispy Kreme settlement payment affect my taxes?
Possibly. Cash payments from data breach settlements may count as taxable income depending on your situation. The credit monitoring benefit is generally not taxable. Speak with a tax professional for advice specific to your circumstances.
I don’t have proof of identity theft. Can I still get paid?
Yes. The alternate $75 cash payment requires no documentation at all. Simply select that option on your claim form. You also receive free credit monitoring automatically — no claim form needed for that benefit either.
What exactly did the Play ransomware group steal from Krispy Kreme?
Exposed data included names, Social Security numbers, dates of birth, driver’s license or state ID numbers, financial account information, credit or debit card information, biometric data, health and health insurance information, USCIS or Alien Registration Numbers, military ID numbers, email addresses, passwords, passport numbers, and digital signatures. Your breach notice should specify which categories of your information were affected.
What did the Krispy Kreme data breach cost the company beyond the settlement?
Krispy Kreme confirmed that revenues were down by over 10% following the cybersecurity incident, as the breach disrupted online ordering systems across the U.S.
Sources & References
- Official settlement website: krispykremedatasettlement.com
- Class notice: krispykremedatasettlement.com/Long-Form-Notice.pdf
Last Updated: March 28, 2026
Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.
About the Author

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.