Toll has confirmed it was the victim of a cyber attack involving ransomware known as ‘Nefilim’.
Toll detected the breach early last week, following detection of suspicious activity on its IT systems.
After detecting this attack, Toll shut down its IT systems to mitigate the risk of further infection.
Toll has refused from the outset to engage with the attacker’s ransom demands, which is consistent with the advice of cyber security experts and government authorities.
Toll's ongoing investigations have established that the attacker has accessed at least one specific corporate server.
This server contains information relating to some past and present Toll employees, and details of commercial agreements with some of its current and former enterprise customers.
The server in question is not designed as a repository for customer operational data.
At this stage, Toll has determined that the attacker has downloaded some data stored on the corporate server, and it is in the process of identifying the specific nature of that information.
The attacker is known to publish stolen data to the ‘dark web’.
This means that, to Toll's knowledge, information is not readily accessible through conventional online platforms. Toll is not aware at this time of any information from the server in question having been published.
Toll has notified and is working with the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP). It is are also actively managing our regulatory disclosure obligations.
Toll Group MD Thomas Knudsen said that Toll was the victim of an “unscrupulous act”.
“We condemn in the strongest possible terms the actions of the perpetrators.
"This a serious and regrettable situation and we apologise unreservedly to those affected.
"I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it”, he said.
Given the technical and detailed nature of the analysis in progress, Toll expects that it will take a number of weeks to determine more details.
Toll has begun contacting people it believes may be impacted and it is implementing measures to support individual online security arrangements.
Knudsen said cyber crime posed “an existential threat for organisations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combatting the very real risk it presents the wider community”.