Back to Blog
high severity April 27, 2026 · scope unconfirmed

gelatissimo.com.au Listed by dragonforce Ransomware Group

A global brand seeking major investors with experience in retail and franchising to expand its artisanal ice cream chain through a master franchise program

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed April 27, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On April 27, 2026, the Australian ice-cream chain gelatissimo.com.au appeared on the leak site of the ransomware group DragonForce. The attackers published internal files they say were stolen during a ransomware incident, exposing data that could affect customers, franchisees, and employees of the popular artisanal gelato brand.

Confirmed Facts from Reporting

Public reporting indicates that DragonForce listed gelatissimo.com.au on its leak blog and provided samples of the allegedly exfiltrated material. The company, which operates a chain of stores across Australia and is actively seeking investors for a master franchise expansion, had internal documents taken. Available reporting describes the exposed information as internal files; the exact number of people affected remains unknown. No confirmed list of specific data types such as customer payment details has been independently verified in open sources, but the nature of ransomware operations typically involves sensitive business records that can include personal information.

Why This Matters for You and Your Family

When a company you have interacted with loses control of its data, the consequences reach far beyond corporate embarrassment. If you have ever bought a gelato, joined their loyalty program, applied for a franchise, or been an employee, your name, contact details, or other personal records may now sit in an attacker’s archive. Once published on a ransomware leak site, that information rarely disappears. It circulates among data brokers, fraudsters, and opportunistic criminals who combine it with other leaks to build detailed profiles. For ordinary families this can mean sudden spikes in spam, phishing texts, or attempts to access linked accounts.

The Doxxing and Identity-Chain Risks

Ransomware leaks like this one rarely stop at a single company dataset. Attackers and subsequent buyers often chain the information with credentials from earlier breaches. An email address taken from gelatissimo.com.au can be tested against gaming platforms, social media, and online shopping sites. If you or your children reuse passwords, or if a family member’s gaming account uses the same email, the leak can cascade into full account takeovers. Public reporting shows these chains frequently lead to doxxing, where attackers publicly link real names, addresses, and phone numbers. Children’s gaming handles are especially vulnerable because young users often reveal more personal details than they realise.

DragonForce’s Known Track Record

Public reporting attributes DragonForce with emerging in late 2023 as a ransomware-as-a-service operation that provides tools and infrastructure to affiliate attackers. The group has claimed responsibility for incidents against organisations in healthcare, education, retail, and hospitality. Their typical playbook involves initial access through phishing or exploited remote desktop services, followed by data exfiltration before encryption. They then demand payment and, if unmet, publish samples or full datasets on their leak site to pressure victims. Exact success rates and prior victim counts are difficult to verify, but industry trackers list them among the more active ransomware families operating in 2025–2026.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real-world identity so you can see exactly what this leak connects to.
  • Rotate any password you ever used on gelatissimo.com.au or related franchise portals, then enable 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information surfaces you learn within hours instead of months.
  • Cover the household with DoxxScan family protection that extends to your children’s gaming accounts, which often chain back to the same addresses and emails used for retail purchases.
  • Let remediation specialists handle the follow-up work, including sending takedown notices to data brokers and monitoring for resale of the stolen files.

The gelatissimo.com.au breach is a reminder that even seemingly ordinary purchases can feed larger identity chains that put your family at risk. Taking concrete steps now limits how far attackers can travel with this data. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects online handles to real identities, and hands-on remediation by specialists who manage takedowns for you and your entire household, including children’s gaming accounts that frequently become targets after retail leaks like this one.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.