Fountain: intrusion and data theft during a ransomware cyberattack
Fountain, a Belgian stock-listed provider of workplace coffee and refreshment services, disclosed in early April 2026 a ransomware attack involving unauthorized access to part of its IT systems and confirmed data exfiltration, with the DragonForce group claiming responsibility.
- Victim
- Fountain
On 3 April 2026, Fountain β a Belgian stock-exchange-listed company specializing in workplace coffee and refreshment services β disclosed that it had been hit by a ransomware-type cyberattack. The intrusion involved unauthorized access to part of the company's information systems together with confirmed extraction of data.
The company filed a criminal complaint on 31 March 2026, and the following day, on 1 April 2026, the DragonForce ransomware group claimed responsibility for the attack and the associated data exfiltration. The attack vector has not been publicly disclosed. The operation followed the now-typical double-extortion pattern, combining intrusion, exfiltration of data, and the threat of public disclosure to pressure the victim.
The exact nature and volume of the exfiltrated data had not been determined at the time of disclosure, with investigations still under way. Potentially affected categories of information were not yet specified by the company.
Fountain stated that it had observed no major disruption to its operations and did not anticipate a significant impact on its financial results. The investigation into the scope of the compromise remained ongoing.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/fountain-intrusion-et-vol-de-donnees-lors-dune-cyberattaque-ransomware/
- hendryadrian.comhttps://www.hendryadrian.com/belgian-listed-fountain-hit-by-ransomware-dragonforce-claims-attack-and-data-exfiltration/