Australian gelato franchiser Gelatissimo has less than five days to respond to hackers who claim to have stolen highly sensitive data related to the company's employees.
Ransomware collective Dragonforce published a listing for Gelatissimo on its dark web leak site on Monday night, claiming to have compromised 352.42 gigabytes of data from the gelato chain — though the group did not describe precisely what was taken, according to Information Age.
Instead, Dragonforce shared six sample screenshots of what appeared to be stolen employee data and operational details. The screenshots included part of a spreadsheet listing alleged first and last names of Gelatissimo employees, along with limited payment details covering gross earnings, paid leave, overtime, bonuses, and withheld taxes. The spreadsheet also appeared to list the last four digits of employees' tax file numbers.
The ransomware gang also published an alleged visa application form for one of the company's employees, containing a passport number, phone number, professional email address, and home address, alongside other personal details. Other material shared included an incident report following an apparent 2025 workplace accident, plus screenshots of an alleged bank transfer receipt and a detailed corporate bank statement.
Dragonforce's leak listing did not detail how many visa applications or employee records were allegedly compromised in the full dataset. Gelatissimo had been contacted for comment but did not respond before Information Age's publication.
After opening its first store in Sydney in 2002, Gelatissimo has expanded to around 61 stores across Australia and 22 internationally. Dragonforce claimed to have stolen employee data spanning the company's Australian and international operations, including email addresses for corporate staff in the Philippines.
Alleged mobile numbers and email addresses of the company's chief executive and chief financial officer were also dumped on the dark web, alongside contact details for workers in franchising, product development, and Australian operations teams.
Nalin Arachchilage, associate professor in cybersecurity at RMIT University, told Information Age the contact information of senior staff is particularly valuable because it can enable "highly targeted scams and impersonation attacks."
"If hackers can convincingly pretend to be someone in charge, they can often trick others into doing the damage for them," he said.
Arachchilage also warned that sensitive data relating to junior staff — such as the allegedly leaked tax file numbers, visa documents and earnings information — can be exploited in follow-up attacks because "those individuals may have fewer resources to respond if their data is misused."
"In simple terms, the most valuable data in this alleged breach is the personal and financial information of employees," he said. "Once this kind of data is out, you can't change it like a password. It can follow people for years."
At the time of writing, Dragonforce had threatened to publish the allegedly stolen data within approximately four days and 12 hours.
Arachchilage said groups like Dragonforce are typically associated with "ransomware-style attacks," where data is stolen and then used as leverage to extort payment. "Releasing data samples is a common way attackers prove they are serious," he said.
Dragonforce has a track record of targeting both small and large organisations globally. Alongside Gelatissimo, it listed more than 10 additional victims on 27 April, including a printing specialist, a landscaping company, an engineering firm, and a US medical equipment supplier.
Last week, the group also leaked alleged data for Sydney home building company Champion Homes. A 2024 attack saw Dragonforce claim the theft of nearly 300GB of data from Australian immigration consultancy Aussizz Group, according to Information Age.
For brokers, the incident is another reminder that mid-sized consumer brands — even those well outside the traditional "high-risk" sectors — are squarely in the sights of ransomware operators, with employee data, executive contact details and HR records all proving lucrative leverage.