Toll Group has confirmed it is the victim of a “targeted ransomware attack” that led it to “immediately isolate and disable” IT systems to stop the malware from spreading.
The logistics giant finally posted confirmation of the attack type and customer-facing impact late on Tuesday, having refused to comment to iTnews a day earlier.
iTnews reported that as many as 1000 servers in Toll’s data centre had been infected, and that staff had been advised not to turn on machines or try to connect them to the corporate network.
The company said today that it became aware of the issue on Friday 31 January.
“As soon as it came to light, we moved quickly to disable the relevant systems and initiate a detailed investigation to understand the cause and put in place measures to deal with it,” Toll said.
“We’ve been working around the clock since then to mitigate the impact and ensure customers can continue to access services.”
Toll said its parcel processing centres are operating, “albeit at reduced speed in some cases”. It was still accepting pickups booked via phone.
“We’re continuing to meet the needs of many of our customers through a combination of manual and automated processes across our global operations, although some are experiencing delay or disruption,” it said.
Toll said it is working with “relevant authorities” and “the appropriate bodies for criminal investigation”.
The company said it was specifically targeted by the attackers, but did not say what the attackers were after.
Toll said that “at this stage, [it has] seen no evidence to suggest any personal data has been lost”.
The company also said that while it understood mounting customer complaints about missing and untrackable deliveries, it needed to focus on securing and cleaning its IT environment.
“While it’s an unfortunate situation, particularly for our customers, we’re committed to ensuring the security of our systems before we resume normal online operations,” Toll said.