Toll Group’s latest cybersecurity incident has escalated to a data breach, with the logistics giant conceding an investigation has revealed the attackers stole some company information.
Early last week, Toll confirmed it was the victim of a cyber attack involving ransomware known as ‘Nefilim’ after detecting suspicious activity.
As per protocol, Toll shut down its IT systems after detecting the attack and did not engage with the attacker’s ransom demands.
However, "our ongoing investigations have established that the attacker has accessed at least one specific corporate server", the company says in a statement.
"This server contains information relating to some past and present Toll employees, and details of commercial agreements with some of our current and former enterprise customers.
"The server in question is not designed as a repository for customer operational data.
"At this stage, we have determined that the attacker has downloaded some data stored on the corporate server, and we are in the process of identifying the specific nature of that information.
"The attacker is known to publish stolen data to the ‘dark web’.
"This means that, to our knowledge, information is not readily accessible through conventional online platforms."
The company says it is not aware of any information from the server in question having been published as of this point.
It continues to work with the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) and is managing its regulatory disclosure obligations.
Toll Group managing director Thomas Knudsen says the company is the victim of an "unscrupulous act".
"We condemn in the strongest possible terms the actions of the perpetrators," Knudsen says.
"This a serious and regrettable situation and we apologise unreservedly to those affected.
"I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it."
Toll puts a timeline of "a number of weeks" to determine more details on the severity of the attack, given the technical and detailed nature of the analysis in progress
Company representatives have begun contacting people it believes may be impacted while it implements measures to support individual online security arrangements.
Knudsen says cyber crime poses "an existential threat for organisations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combatting the very real risk it presents the wider community".