Skip to content
RansomwareOngoing

Fountain: intrusion and data theft during a ransomware cyberattack

Fountain, a Belgian stock-listed provider of workplace coffee and refreshment services, disclosed in early April 2026 a ransomware attack involving unauthorized access to part of its IT systems and confirmed data exfiltration, with the DragonForce group claiming responsibility.

Victim
Fountain

On 3 April 2026, Fountain β€” a Belgian stock-exchange-listed company specializing in workplace coffee and refreshment services β€” disclosed that it had been hit by a ransomware-type cyberattack. The intrusion involved unauthorized access to part of the company's information systems together with confirmed extraction of data.

The company filed a criminal complaint on 31 March 2026, and the following day, on 1 April 2026, the DragonForce ransomware group claimed responsibility for the attack and the associated data exfiltration. The attack vector has not been publicly disclosed. The operation followed the now-typical double-extortion pattern, combining intrusion, exfiltration of data, and the threat of public disclosure to pressure the victim.

The exact nature and volume of the exfiltrated data had not been determined at the time of disclosure, with investigations still under way. Potentially affected categories of information were not yet specified by the company.

Fountain stated that it had observed no major disruption to its operations and did not anticipate a significant impact on its financial results. The investigation into the scope of the compromise remained ongoing.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/fountain-intrusion-et-vol-de-donnees-lors-dune-cyberattaque-ransomware/
  2. hendryadrian.comhttps://www.hendryadrian.com/belgian-listed-fountain-hit-by-ransomware-dragonforce-claims-attack-and-data-exfiltration/

Related incidents

RansomwareOngoing

Leak at Disneyland

In June 2025, the Anubis ransomware gang claimed a 64GB leak of ~39,000 confidential files from Disneyland Paris β€” engineering plans and behind-the-scenes photos/videos of park attractions β€” said to be stolen via a compromised third-party contractor.

Victim
Disneyland
RansomwareRansom paid

Caesars Entertainment Scattered Spider ransom payment (2023)

Scattered Spider impersonated a Caesars employee on a call to a third-party IT support vendor and convinced the vendor to grant Okta credentials, then exfiltrated customer loyalty data including SSNs and driver's licences. Caesars paid roughly $15 million ransom; the FBI later froze a substantial portion of the funds with Chainalysis assistance.

Victim
Caesars Entertainment
Loss
$15.0M