Early last week Toll confirmed it was the victim of a cyber attack involving ransomware known as ‘Nefilim’. After detecting this attack, Toll shut down its IT systems to mitigate the risk of further infection. However, ongoing investigations have established that the attacker has accessed at least one specific corporate server.
According to a statement from Toll, this server contains information relating to some past and present Toll employees, and details of commercial agreements with some of our current and former enterprise customers. The server in question is not designed as a repository for customer operational data.
At this stage, Toll has determined that the attacker has downloaded some data stored on the corporate server, and the company is in the process of identifying the specific nature of that information. The attacker is known to publish stolen data to the ‘dark web’.
Toll has since notified and is working with the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP).
Thomas Knudsen, Toll Group Managing Director, said that Toll was the victim of an “unscrupulous act”.
“We condemn in the strongest possible terms the actions of the perpetrators. This a serious and regrettable situation and we apologise unreservedly to those affected. I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it”, he said.
Given the technical and detailed nature of the analysis in progress, Toll expects that it will take a number of weeks to determine more details. “We have begun contacting people we believe may be impacted and we are implementing measures to support individual online security arrangements,” Thomas said.
Thomas said cyber crime posed “an existential threat for organisations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combatting the very real risk it presents the wider community”.