Toll restoring services following ransomware attack

Confirms information accessed includes name, address, age, and payroll information such as salary, superannuation, and tax file number.

Toll attacker made off with past and present employee data and commercial agreements

Toll Group has said it is making "good progress" with the restoration of its key online systems, following the ransomware attack it suffered after a January infection.

In an update posted on Friday, the company said MyToll customers could now access most features and its Track and Trace function was available for a number of services, with historical data being progressively uploaded.

"In our Global Forwarding business, systems tests have been completed and we have restored CargoWise One access across Toll's global network. We have started the process of re-establishing electronic data interchange connections with customers, on a phased basis," it added.

"Most customer-facing applications for our contract logistics customers are up and running, as we finalise testing with our customers."

Earlier this month, Toll had confirmed that a "ransomware attacker" had stolen data contained on at least one Toll corporate server. It later revealed the information was published to the "dark web".

Toll on Thursday said it had established that the breached information included details such as name, residential address, age or date of birth, and payroll information, including salary, superannuation, and tax file number.

"The information relates to some current and former employees in certain countries in which Toll operates, including Australia and New Zealand. The incident does not affect all Toll employees and, based on current findings, casual staff are not impacted," Toll said.

The company said as a precaution it has written to impacted former and current employees to provide them with "information on how they can protect themselves".

"As part of this, we have engaged the services of a leading provider of identity and cybersecurity solutions to ensure that impacted people are provided with the appropriate support and data protection measures," Toll added.

"Toll condemns in the strongest possible terms the actions of the cyber criminals, and we apologise to our people for the concern and inconvenience this situation may be causing them."

In January, Toll reverted to manual processes following a ransomware incident.

The company also shut down its systems as a precautionary measure at that time.

"We became aware of the issue on Friday 31 January and, as soon as it came to light, we moved quickly to disable the relevant systems and initiate a detailed investigation to understand the cause and put in place measures to deal with it," Toll said at the time.

In that instance, the ransomware it fell victim to was a variant of the Mailto ransomware, with the company calling in the Australian Cyber Security Centre.

"Our assistance has included providing technical experts to identify the nature and extent of the compromise, and provide Toll with tailored mitigation advice," director-general of ASD Rachel Noble said in March.
