Hackers found a security flaw and affected Krispy Kreme’s online systems in an attack, leaving customers in the US unable to order online. Physical stores were not affected, but it is likely sales suffered as a result of the hack. The incident occurred at the end of November and was revealed in a regulatory filing in December.

“We’re experiencing certain operational disruptions due to a cybersecurity incident, including with online ordering in parts of the United States,” a message on the Krispy Kreme website said while the company was working to resolve the issue together with cybersecurity specialists. No groups took responsibility for the hack, BBC reports.

The British news outlet adds that, according to the SSC filing, the donut chain expects costs to arise from a loss of digital sales, fees for the experts it has hired, and the restoration of impacted systems.

Photo: Krispy Kreme