By Kashmira Konduparty
Krispy Kreme customers affected by a 2024 data breach have a limited time remaining to file claims for compensation through a proposed class-action settlement. Eligible individuals may receive up to $3,500 for documented losses related to fraud or identity theft connected to the breach, according to a report by Live Now. The deadline to submit claims is June 22, 2026.
The breach was discovered by Krispy Kreme on Nov 29, 2024. According to court documents, exposed information may have included names, dates of birth, Social Security numbers and financial account information. The lawsuit alleged Krispy Kreme failed to implement adequate cybersecurity protections.
READ: Canvas parent firm reaches deal with hackers after massive breach (May 12, 2026)
A proposed settlement worth about $1.6 million was reached in the class-action case. People with documented financial losses tied to the breach can claim reimbursement of up to $3,500. Those without documentation may still qualify for an estimated $75 cash payment, according to the settlement website.
Eligible individuals can also receive one year of free credit monitoring services. Credit monitoring will be available regardless of whether a monetary claim is filed. However, only people who submit claim forms before the deadline can receive cash compensation.
The deadline to opt out and file objections of the settlement is June 6. And the deadline to submit claim forms online or by mail is June 22 of this year. A final court approval hearing is scheduled for July 6 in North Carolina.
READ: Hims & Hers hack: Telehealth company reports customer support system breach (April 3, 2026)
The settlement applies to U.S. residents who received official notification that their personal information may have been impacted in the breach. Approximately 161,000 current and former employees were reportedly affected.
Krispy Kreme denied wrongdoing and denied liability in the lawsuit. The company agreed to the settlement to resolve the claims without further litigation. Court filings state no determination of wrongdoing has been made against the company.
The settlement reflects growing legal and financial pressure on companies facing cybersecurity breaches involving customer and employee information. As data breaches continue affecting major businesses across the U.S., consumers are increasingly being encouraged to monitor accounts and credit activity after security incidents.