Australian logistics company Toll Group has confirmed the “cybersecurity incident” it suffered on Friday was ransomware.
“We can confirm the cybersecurity incident is due to a targeted ransomware attack which led to our decision to immediately isolate and disable some systems in order to limit the spread of the attack,” Toll wrote in an update on Tuesday afternoon.
“We moved quickly to mitigate the potential impact and we’re undertaking a detailed investigation with a view to restoring all of the relevant systems as soon as possible.”
On Monday night, the company that boasts over 40,000 employees shut down a number of systems as a precautionary measure, which impacted several of its customer-facing applications.
Toll said it has seen no evidence to suggest any personal data has been lost.
“We became aware of the issue on Friday 31 January and, as soon as it came to light, we moved quickly to disable the relevant systems and initiate a detailed investigation to understand the cause and put in place measures to deal with it,” the statement continued.
Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia
“We’re continuing to undertake a thorough investigation and we’re working around the clock to restore normal services at the earliest opportunity. We’ll continue to provide updates as we securely bring our systems back online.”
The incident has resulted in Toll reverting to manual processes to clear the backlog of undelivered goods the ransomware attack has caused.
“As a result of our decision to disable certain systems following a recent cybersecurity threat, we’re continuing to meet the needs of many of our customers through a combination of manual and automated processes across our global operations, although some are experiencing delay or disruption,” Toll explained.
Where parcels are concerned, Toll said its processing centres are continuing to operate pick up, processing, and dispatch functions, “albeit at reduced speed in some cases”.
Customers can also make bookings via the company’s call centre while the online booking platform remains disabled.
Toll said it is working with the relevant authorities and that the security matter has been reported to the appropriate bodies for criminal investigation.