When a company gets breached these days, the cleanup bill rarely stops at fixing the systems that were broken into. Companies end up paying for legal settlements, customer reimbursements, ide
When a company gets breached these days, the cleanup bill rarely stops at fixing the systems that were broken into.
Companies end up paying for legal settlements, customer reimbursements, identity protection services, and years of trying to win back people who no longer trust them with their data.
IBM's 2025 Cost of a Data Breach Report put the average breach at $10.22 million for a U.S. company, the highest figure the firm has ever recorded. A recent settlement at Krispy Kreme and an ongoing mess at Coinbase show what those costs actually look like on the ground.
Related: Treasury officials push for a $250 bill featuring Trump's face
Krispy Kreme is the North Carolina-based doughnut and coffee chain founded in 1937, with more than 1,400 shops worldwide and a presence in grocery stores and gas stations across the U.S. It trades publicly on the Nasdaq under the ticker DNUT.
The company agreed to a $1.6 million settlement over a November 2024 data breach that affected 161,676 people, per breach and settlement records.
Here is what eligible people can claim:
The breach exposed names, dates of birth, Social Security numbers, and financial account details.
Claims have to be filed online or postmarked by June 22, 2026. The online portal is here. Mail-in claims go to the Krispy Kreme Data Incident Settlement Administrator, PO Box 2047, Portland, OR 97208-2047.
Krispy Kreme has denied wrongdoing, and the settlement resolves the case without a court finding the company liable.
The company said it became aware of "unauthorized activity" on part of its IT systems on Nov. 29, 2024, and "immediately began taking steps to investigate, contain, and remediate the incident."
Retail brands are not the only ones dealing with this. Crypto companies are getting hit the same way, and when they do, the numbers run a lot higher.
On May 15, 2025, Coinbase said criminals had bribed and recruited rogue overseas support agents to steal customer data, which they then used to run social engineering attacks. The company said passwords, private keys, funds, and wallets were never compromised.
The attackers demanded $20 million to keep quiet. Coinbase turned them down.
"We said no," Coinbase, on the $20 million extortion demand
The company said it would not fund criminal activity. Instead, it laid out a different plan:
Coinbase later estimated the incident could cost between $180 million and $400 million in remediation and voluntary customer reimbursements.
If you believe your personal information was exposed in a breach, official claim details are usually available through your state attorney general's office or the settlement administrator named in any notice you receive.
Related: Michael Burry drops bombshell on SpaceX, OpenAI IPOs
