Krispy Kreme (DNUT, Financial) is experiencing significant challenges, trading at all-time lows after missing Q4 earnings and revenue estimates. The donut maker's FY25 EPS and revenue guidance also fell short due to a cybersecurity incident that occurred during a critical period in late November. This incident cost the company approximately $11 million in Q4 sales and $10 million in adjusted EBITDA. Although systems are restored, DNUT expects additional costs in FY25 from operational inefficiencies and cybersecurity fees.

Adding to the difficulties, consumer spending remains sluggish, impacting DNUT's outlook. Despite this, the company anticipates positive revenue growth in FY25, driven by its DFD (delivered fresh daily) network expansion, particularly with partners like McDonald's (MCD, Financial), Target (TGT, Financial), and Kroger (KR, Financial). However, this growth is expected to be unprofitable due to margin compression from the cybersecurity incident and long-term investments.

• Q4 saw organic revenue growth of 1.8%, despite a 280-bps headwind from lost revenue due to the cybersecurity incident affecting online orders in parts of the U.S. This growth was supported by a 24.1% increase in Global Points of Access to 17,557, boosted by DNUT's partnership with MCD. Approximately 1,900 MCD locations offered DNUT donuts in Q4, with 500 more added in New York City.
• Expanding Global Points of Access is crucial to DNUT's growth strategy. By next year, DNUT aims to deliver to 12,000 MCD restaurants and has completed a pilot with Costco (COST, Financial). The company is also considering outsourcing U.S. logistics and has engaged with national and regional carriers.
• Internationally, organic revenue grew by 7.8%, compared to a 1.2% decline in the U.S., driven by premiumization and a 14% increase in access points to 648. However, adjusted EBITDA fell by nearly 8% to $25.7 million due to lower U.K. volumes, leading to deleveraging. DNUT is exploring refranchising opportunities in certain international markets to improve overseas results.

The main takeaway is that the unexpected severity of the cybersecurity incident has further dampened investor sentiment, already affected by concerns over weak consumer spending trends.