Gelatissimo Hit by DragonForce Ransomware Attack, 352GB of Data Allegedly Stolen
Australia’s largest gelato retailer, Gelatissimo, has been listed on the dark web leak site of the DragonForce ransomware gang, which claims to have exfiltrated 352.24GB of sensitive data in the breach. The company, operating over 50 locations in Australia and several overseas, including six outlets in the Philippines, has yet to publicly respond to the incident.
DragonForce posted a sample of the stolen data, including six screenshots of internal documents. The exposed files contain employee and executive details, such as names, income types, partial tax file numbers, emails, phone numbers, and roles. Additional leaked documents include a financial receipt with account details, an incident report, a bank statement, and a visa application form with extensive personal data.
The threat group has threatened to publish the full dataset in just over four days from the time of the leak’s announcement.
About DragonForce
DragonForce operates as a ransomware-as-a-service (RaaS) group, offering its malware to affiliates in exchange for an 80% cut of ransom payments. The gang, which has claimed 505 victims to date, more than double its count from September 2023, is believed to have ties to the LockBit ransomware operation and employs double-extortion tactics.
In a 2023 attack on Queensland’s Toowoomba Friendlies Society Dispensary, DragonForce leaked 35.82GB of data, including highly sensitive medical records such as patient names, addresses, treatment details (including methadone prescriptions), vaccination lists, staff payroll information, and scans of Medicare cards and driver’s licenses.
Gelatissimo TPRM report: https://www.rankiteo.com/company/gelatissimo
{
  "id": "gel1777366842",
  "linkid": "gelatissimo",
  "type": "Ransomware",
  "date": "4/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Food & Beverage',
                        'location': 'Australia, Philippines',
                        'name': 'Gelatissimo',
                        'size': '50+ locations in Australia, 6 in the '
                                'Philippines',
                        'type': 'Retailer'}],
 'data_breach': {'data_exfiltration': 'Yes (352.24GB stolen)',
                 'file_types_exposed': ['Documents',
                                        'Images of sensitive forms'],
                 'personally_identifiable_information': ['Names',
                                                         'Emails',
                                                         'Phone numbers',
                                                         'Partial tax file '
                                                         'numbers',
                                                         'Roles',
                                                         'Bank account details',
                                                         'Visa application '
                                                         'data',
                                                         'Medicare card scans '
                                                         '(from prior attack '
                                                         'reference)'],
                 'sensitivity_of_data': 'High (personal, financial, and '
                                        'identification data)',
                 'type_of_data_compromised': ['Employee and executive details',
                                              'Financial receipts',
                                              'Incident reports',
                                              'Bank statements',
                                              'Visa application forms']},
 'description': 'Australia’s largest gelato retailer, Gelatissimo, has been '
                'listed on the dark web leak site of the DragonForce '
                'ransomware gang, which claims to have exfiltrated 352.24GB of '
                'sensitive data in the breach. The company has yet to publicly '
                'respond to the incident. DragonForce posted a sample of the '
                'stolen data, including employee and executive details, '
                'financial receipts, incident reports, bank statements, and '
                'visa application forms.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'data leak',
            'data_compromised': '352.24GB of sensitive data',
            'identity_theft_risk': 'High (exposure of personal and financial '
                                   'data)',
            'legal_liabilities': 'Potential legal liabilities due to exposure '
                                 'of sensitive data',
            'payment_information_risk': 'High (bank statements and account '
                                        'details exposed)'},
 'investigation_status': 'Ongoing (threatened data leak in four days)',
 'motivation': 'Financial gain (ransom demand), Data exfiltration for '
               'extortion',
 'ransomware': {'data_exfiltration': 'Yes (352.24GB stolen)',
                'ransomware_strain': 'DragonForce'},
 'references': [{'source': 'DragonForce dark web leak site'}],
 'regulatory_compliance': {'regulations_violated': ['Potential violations of '
                                                    'Australian Privacy Act '
                                                    '(if personal data '
                                                    'exposed)',
                                                    'Possible GDPR '
                                                    'implications if EU data '
                                                    'involved']},
 'threat_actor': 'DragonForce ransomware gang',
 'title': 'Gelatissimo Hit by DragonForce Ransomware Attack, 352GB of Data '
          'Allegedly Stolen',
 'type': 'Ransomware'}