© Anutr Yossundara

Toll Group is having a tough year, and has confirmed that the “unusual activity” on its servers last week was a cyber attack, which has now led to ransom demands.

The threat – unrelated to the attack on Toll in January – involves ransomware called Nefilim.

The hackers accessed a corporate server containing information on Toll staff and some commercial agreements with enterprise customers, although Toll said the server was not “designed as a repository for customer operational data”.

Toll said the hackers had downloaded data and, given previous form, would publish it on the ‘dark web’ if the ransom was not paid.

But the company said, that as far as it knew, this would mean the information would not be accessible through conventional online platforms, and added: “Toll is not aware at this time of any information from the server in question having been published.”

Toll discovered irregularities on 4 May and shut down its systems to prevent further infection. It said it had been advised by government authorities and cyber security experts not to engage with the hackers or pay a ransom.

Thomas Knudsen, Toll Group MD, said: “We condemn in the strongest possible terms the actions of the perpetrators. This is a serious and regrettable situation and we apologise unreservedly to those affected. I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it.”

Toll, which is working with the Australian Cyber Security Centre and the Australian Federal Police, said it would take several weeks to discover more details, and is contacting anyone it thinks may have been affected. And the 3PL sought to reassure customers.

“We have commenced the process of restoring and testing our customer-facing applications, with a focus on bringing them progressively online as soon as possible. At the same time, we’re continuing to support our large enterprise customers whose services are affected by the disruption to online operations.

“We’re continuing to keep our SME customers and consumers updated through our digital and social channels, including Toll’s company and MyToll websites.

“While there are delays in some parts of the network, freight shipments and parcel deliveries are moving by and large as normal, with Toll call centres taking bookings over the phone. Contact details for bookings are available the MyToll website.

“We continue to prioritise the movement of essential items, including medical and healthcare supplies. Email access has been restored for Toll employees who operate on our cloud-based platforms.”

Mr Knudsen said cyber crime posed “an existential threat for organisations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combatting the very real risk it presents the wider community”.

Lars Jensen, shipping analyst and cyber security expert, said progress towards high security standards in the industry was slow.

“Only a month ago we saw MSC being subjected to a successful cyber attack, although the details released are very sparse,” he noted on LinkedIn.

“Also, a month ago, Indian port group Adani was most likely the subject of a cyber attack causing operational disruptions. Officially, they seem to maintain they had some systems outage and/or shutdown. However internal sources do point to a cyber attack.”

Mr Jensen added that, following a webinar on cyber security, he came away with “the clear impression that the industry is still largely debating the same issues as they have been for the past five years, but actual progress towards heightening security standards are moving slowly”.

You can read more on Toll’s cyber – and other – problems on Premium, here.

Comment on this article

You must be logged in to post a comment.
  • TDRev

    May 13, 2020 at 5:04 am

    How is this not in the mainstream media? It’s causing the whole logistics chain to grind to a halt… although most third-parties are calling it covid-19 related delays until pressed.