Australian logistics company Toll Group has revealed that one of its servers was accessed by an attacker known for posting personal information on the ‘dark web’.
Last week, CRN sister site iTnews reported that Toll was hit by a ransomware attack (its second this year), citing a type of malware known as Nefilim. The company had to shutter IT systems as part of its recovery.
Toll this week revealed that the attacker behind the ransomware accessed one of its corporate servers, which contains information relating to some past and present Toll employees, and details of commercial agreements with some of its current and former enterprise customers.
“At this stage, we have determined that the attacker has downloaded some data stored on the corporate server, and we are in the process of identifying the specific nature of that information,” Toll’s announcement read.
“The attacker is known to publish stolen data to the ‘dark web’. This means that, to our knowledge, information is not readily accessible through conventional online platforms. Toll is not aware at this time of any information from the server in question having been published.”
The company said it was working with the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) and was also actively managing its regulatory disclosure obligations.
Toll Group managing director Thomas Knudsen said Toll was the victim of an “unscrupulous act”.
“We condemn in the strongest possible terms the actions of the perpetrators. This is a serious and regrettable situation and we apologise unreservedly to those affected,” he said.
“I can assure our customers and employees that we’re doing all we can to get to the bottom of the situation and put in place the actions to rectify it.”
Toll expects it to take a number of weeks before it can determine more details of the attack. The company has also contacted people who may be impacted and is “implementing measures to support individual online security arrangements”.