An “Unscrupulous Act” – Toll Group Confirms Data Breach
Toll Group has confirmed it has been the victim of a data breach, and is the second attack to happen to the company this year. The first attack happened in February 2020.
TOLL has confirmed that it was the victim of a data breach early last week. The cyberattack involved ransomware knows as ‘Nefilim’, which resulted in the company to shut its IT systems to ‘mitigate the risk of further infection’.
This data breach was an ‘unscrupulous act’, said Thomas Knudsen, the Managing Director of Toll Group.
Base on expert advice from cybersecurity experts and officials, Toll Group has refused to engage with the attacker’s ransom demands.
The company’s ongoing investigations established that the attacker had access to ‘at least one’ of the corporate servers. This server contains information relating to past and present Toll employees, and details of commercial agreements with some current and former enterprise customers.
Toll has confirmed that some of the information has been taken by an attacker that is known to publish the stolen data on the dark web.
“We condemn in the strongest possible terms the actions of the perpetrators. This a serious and regrettable situation and we apologise unreservedly to those affected. I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it,” Knudsen explained.
This data breach may take ‘a number of weeks’ to determine more details, due to the technical and detailed nature of the analysis.
Knudsen said that cybercrime posed “an existential threat for organisations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combatting the very real risk it presents the wider community.”
Toll Group is currently working with the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP). Moreover, the group is also ‘actively managing’ its regulatory disclosure obligations.
Toll Group is not aware of any information from the server having been published. As the attacker is known to publish information on the dark web, this information is ‘not readily accessible’ through conventional online platforms.
Power Retail is dedicated to providing critical and live e-commerce retailer benchmarking data and shopper insights for the online retail industry. Click here to find out more about Power Retail E-Commerce Intelligence or here to sign-up for the free weekly Pulse Newsletter for more essential online retail content.
About the Author: Ally Feiam
No Comments
Leave A Comment
What to Expect from Black Friday: Savvy Spenders, Sophisticated Scams, and Sports Related Gifts
As Black Friday kicks off the weekend’s sales frenzy, we’ve compiled some predictions to tide you over until the data rolls in.
Visa’s Wild New Partnership with Taronga Conservation Society Australia
Visa has announced it has entered into a long-term partnership with Taronga Conservation Society Australia.
“Really Cool and Fun”: Augmented Reality Mirror Trial a Hit
Dean Salakas lets us know how The Party People's innovative augmented reality mirror trial went and whats on the horizon for the tech.
Further The Iconic Staff Underpayments Revealed
The Iconic has once again been forced to remedy underpayments with over 500 staff effected by the payroll errors.
Try Utopia ecosystem, the best soft in cybersecurity