EXCLUSIVE: Popular Australian gelato franchiser Gelatissimo has less than five days to respond to hackers who claim to have stolen highly sensitive data related to the company’s employees.

Ransomware collective Dragonforce published a listing for Gelatissimo to its dark web leak site on Monday night.

The group claimed to have stolen 352.42 gigabytes of data from the gelato chain, though it did not describe precisely what was taken.

Instead, Dragonforce shared six sample screenshots of what appeared to be stolen employee data and operational details.

The screenshots included part of a spreadsheet which listed alleged first and last names of Gelatissimo employees, along with limited payment details about gross earnings, paid leave, overtime, bonuses, and withheld taxes.

The spreadsheet also appeared to list the last four digits of employees’ tax file numbers.

The ransomware gang also shared an alleged visa application form related to one of the company’s employees, which itself contained a passport number, phone number, professional email address, and home address, alongside other details.

Other information shared by Dragonforce included an incident report following an apparent workplace accident in 2025, as well as screenshots of an alleged bank transfer receipt and a detailed corporate bank statement.

Dragonforce’s leak listing did not detail how many visa applications or employee details were allegedly compromised in the full dataset.

Gelatissimo has been contacted for comment, but did not provide a statement prior to publication.

Senior staff contact details leaked

Since opening a store in Sydney in 2002, Gelatissimo has expanded to some 61 stores across Australia and 22 stores internationally.

Dragonforce claimed to have stolen employee data related to the company’s Australian and international operations, including email addresses for corporate staff in the Philippines.

Alleged mobile numbers and email addresses of the company’s chief executive and chief financial officer were also dumped on the dark web, alongside contact details for workers in the company’s franchising, product development, and Australian operations teams.


Hackers share a data sample on their dark web blog. Image: DragonForce dark web platform

Nalin Arachchilage, associate professor in cybersecurity at RMIT University, told Information Age the contact information of senior staff is particularly valuable because it can enable “highly targeted scams and impersonation attacks”.

“If hackers can convincingly pretend to be someone in charge, they can often trick others into doing the damage for them,” he said.

Arachchilage also warned that sensitive data relating to junior staff – such as the allegedly leaked tax file number details, visa documents, and earnings information – can be exploited in follow-up attacks because “those individuals may have fewer resources to respond if their data is misused”.

“In simple terms, the most valuable data in this alleged breach is the personal and financial information of employees,” he said.

“Once this kind of data is out, you can’t change it like a password.

“It can follow people for years.”

Ransom timer ticks down

At the time of writing, Dragonforce has threatened to publish the allegedly stolen data in approximately four days and 12 hours.

Arachchilage explained groups like Dragonforce are typically associated with “ransomware‑style attacks”, where data is stolen and then used as leverage to extort a payment from a victim.

“Releasing data samples is a common way attackers prove they are serious,” he said.

Notably, Dragonforce has historically targeted both small- and large-scale organisations across the globe.

Alongside Gelatissimo, the group listed more than 10 additional victims on 27 April, including a printing specialist, a landscaping company, an engineering firm, and a US medical equipment supplier.

Last week the group also leaked alleged data for Sydney home building company Champion Homes, while a 2024 attack saw Dragonforce claim the theft of nearly 300GB of data from Australian immigration consultancy Aussizz Group.