Gelatissimo Faces Data Breach from Ransomware Group Dragonforce

Severity: High (Score: 66.0)

Sources: Insurancebusinessmag, Ia.Acs.Au

Summary

Gelatissimo, an Australian gelato franchiser, is under threat from the ransomware group Dragonforce, which claims to have stolen 352.42 gigabytes of sensitive employee data. The hackers have provided sample screenshots of the compromised data, which includes names, payment details, tax file numbers, and personal information from visa applications. The breach affects both Australian and international operations, including corporate staff in the Philippines. Gelatissimo has less than five days to respond to the hackers. The incident highlights the risks associated with sensitive employee data, particularly for junior staff who may lack resources to mitigate misuse. Experts warn that the leaked information could facilitate targeted scams and impersonation attacks. Gelatissimo has not yet issued a public statement regarding the breach. Key Points: • Dragonforce claims to have stolen 352.42 GB of sensitive employee data from Gelatissimo. • The leaked data includes personal details such as tax file numbers and visa application information. • Gelatissimo has a limited timeframe to respond to the ransomware group's demands.

Key Entities

• Ransomware (attack_type)
• Aussizz Group (company)
• Champion Homes (company)
• Gelatissimo (company)
• Australia (country)
• Philippines (country)
• CWE-200 - Exposure of Sensitive Information (cwe)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• DragonForce (ransomware_group)