Toll Group has confirmed it has been the victim of a data breach, and is the second attack to happen to the company this year. The first attack happened in February 2020.
TOLL has confirmed that it was the victim of a data breach early last week. The cyberattack involved ransomware knows as ‘Nefilim’, which resulted in the company to shut its IT systems to ‘mitigate the risk of further infection’.
This data breach was an ‘unscrupulous act’, said Thomas Knudsen, the Managing Director of Toll Group.
Base on expert advice from cybersecurity experts and officials, Toll Group has refused to engage with the attacker’s ransom demands.
The company’s ongoing investigations established that the attacker had access to ‘at least one’ of the corporate servers. This server contains information relating to past and present Toll employees, and details of commercial agreements with some current and former enterprise customers.
Toll has confirmed that some of the information has been taken by an attacker that is known to publish the stolen data on the dark web.
“We condemn in the strongest possible terms the actions of the perpetrators. This a serious and regrettable situation and we apologise unreservedly to those affected. I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it,” Knudsen explained.
This data breach may take ‘a number of weeks’ to determine more details, due to the technical and detailed nature of the analysis.
Knudsen said that cybercrime posed “an existential threat for organisations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combatting the very real risk it presents the wider community.”
Toll Group is currently working with the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP). Moreover, the group is also ‘actively managing’ its regulatory disclosure obligations.
Toll Group is not aware of any information from the server having been published. As the attacker is known to publish information on the dark web, this information is ‘not readily accessible’ through conventional online platforms.
Power Retail is dedicated to providing critical and live e-commerce retailer benchmarking data and shopper insights for the online retail industry. Click here to find out more about Power Retail E-Commerce Intelligence or here to sign-up for the free weekly Pulse Newsletter for more essential online retail content.