Toll Group has confirmed data has been stolen and placed on the dark web. Image by AP PHOTO

computing and information technology

Cargo giant Toll’s stolen data on dark web

2020-05-21 14:05:17

A ransomware attacker claiming to have 200GB of private data stolen from Toll Group has posted some files online, the freight and logistics giant has confirmed.

Toll said the attacker used ransomware known as Nefilim in early May to access at least one corporate server containing information on some past and present employees and commercial agreements with customers.

It refused to engage with the ransom demands, leading the attackers to post a 2GB file to its “Corporate Leaks” website on Wednesday.

The raider claims it gathered more than 200GB of private data including employee payslips dating from 2011 to 2018, board reports, audit reports and receipts.

“Toll Group failed to secure their network even after the first attack,” it says.

Toll quickly established its stolen data had been posted online.

“As a result, we are now focused on assessing and verifying the specific nature of the stolen data that has been published,” the company said in a statement.

“As this assessment progresses, we will notify any impacted parties as a matter of priority and offer appropriate support.”

The attacker says it normally leaks stolen information in parts “so the company has a chance to stop the leak before all the information is released”.

Toll last week described the attack as an “unscrupulous act” and said it had notified the Australian Cyber Security Centre and the Australian Federal Police.

The company said it was also managing its regulatory disclosure obligations.