Australian gelato chain targeted by hackers

Australian gelato brand Gelatissimo has been targeted in a suspected ransomware attack, with hackers claiming to have accessed highly sensitive employee data and issuing a deadline for the company to respond.

The ransomware group Dragonforce listed the company on its dark web leak site earlier this week, alleging it had extracted more than 350GB of data. While the group has not fully detailed the breach, it released sample screenshots that appear to show employee and operational information.

The leaked samples reportedly include spreadsheets listing employee names along with partial financial details, such as earnings, leave records, bonuses, and withheld taxes. In some cases, the last four digits of tax file numbers were also visible.

Additional screenshots suggest more sensitive records may have been compromised, including a visa application containing personal identifiers such as passport number, phone number, email address and home address. Other materials shared include an internal incident report, along with what appear to be bank transfer receipts and corporate financial statements.

Gelatissimo, which began in Sydney in 2002 and now operates dozens of stores across Australia and internationally, has not yet publicly responded to the claims.

The hackers also allege they accessed contact details of senior leadership, including the company’s chief executive and chief financial officer, as well as employees across franchising, product development and international teams.

Nalin Arachchilage, associate professor in cybersecurity,  RMIT University, warned that such data can be particularly dangerous if misused. “The contact information of senior staff is particularly valuable because it can enable ‘highly targeted scams and impersonation attacks’.”

“If hackers can convincingly pretend to be someone in charge, they can often trick others into doing the damage for them.” He added that personal data linked to employees could have long-term consequences.

In simple terms, the most valuable data in this alleged breach is employees' personal and financial information. Once this kind of data is out, one cannot change it like a password. It can follow people for years.