Krispy Kreme Doughnut Corp. negligently failed to protect the personal information of nearly 162,000 current and former employees that was exposed during a November 2024 data breach, a proposed federal class action said.
Lead plaintiff Lily Peace alleged that Krispy Kreme breached its duties under common law, contract law, industry standards, the Health Insurance Portability and Accountability Act, and the Federal Trade Commission Act to implement reasonable and adequate data-security measures and provide timely notice of the incident.
Information exposed in the breach included names, Social Security numbers, dates of birth, driver’s licenses or state ID numbers, financial-account information, credit- ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.