Krispy Kreme is struggling to meet online orders of its doughnuts, after a cybersecurity attack that continues to disrupt the company’s operations almost two weeks after it was noticed.

The doughnut maker said on Wednesday that it became aware of “unauthorized activity” on a portion of its computer systems on 29 November.

In a filing to the US Securities and Exchange Commission (SEC), the company said that it immediately launched an investigation designed to “contain and remediate the incident”, but added that operational disruptions were continuing.

Online ordering of Krispy Kreme doughnuts have been hit especially hard in parts of the US. The company stressed that in-person sales, and deliveries to its partners, including McDonald’s through which it is expanding its outlets nationwide, have not been affected.

The SEC filing said that the ongoing investigation had yet to gauge “the full scope, nature and impact of the incident”. No groups have come forward to claim responsibility for the attack, and it is not publicly known whether ransomware was involved.

Online orders amount to about 16% of Krispy Kreme’s sales. The chain, which has more than 1,500 shops and employs more than 20,000 people globally, said it did not expect any long-term impact from the breach, but said in the short term its loss of revenue from digital sales and the cost of paying for cybersecurity experts would hit its finances.

The company’s stock press fell 2% on Wednesday morning when news of the attack was released.