Important update on Toll IT Systems

We appreciate the patience of our customers as we continue to we work towards a full reactivation of all of our IT systems

For the latest information regarding parcel bookings, tracking and deliveries please visit MyToll 

Dismiss

Toll IT Systems Update

13 February 2.30PM AEDT

As we continue to work through the process of bringing our IT systems back online securely, our teams across the globe are working hard to keep our operations moving across our forwarding, parcel deliveries, logistics, and transport services areas.

For customers who use our booking and tracking platform, MyToll, we are continuing to bring functions back online. For more information, customers can visit the MyToll website.

Parts of our global forwarding network have regained access to basic CargoWise One functions. We’re continuing to move international air and ocean freight shipments and, where possible, processing customs clearance. Across our global logistics warehouse operations, most of our core operating systems have been restored. We are now working closely with customers at site level to return to full operational capability.

We appreciate the patience and understanding of our customers as we look towards full reinstatement of our systems as a matter of priority.

10 February 3.30pm AEDT

As we work towards reinstating IT systems securely, Toll’s teams across the globe are continuing to work tirelessly to ensure customers have access to our services and operations across the network, while supporting those customers affected by delays or disruption.

We are progressing with thorough testing and validation of our IT systems, in collaboration with key customers, with a view to restoring our systems as soon as it is deemed safe and secure for anyone who engages with Toll’s IT network including customers, employees, suppliers and vendors.

As of Monday 10 February, our systems are operating as follows:

  • The majority of Toll’s internal networks and user access are now operational.
  • With Global Forwarding, we're continuing to move large volumes of international air and ocean freight shipments and, where possible we're processing customs clearance although turnaround times have been affected in some parts of the network.
  • Our Global Express business, which includes our parcel delivery service, continues to operate with a combination of both manual and automated processes. A key priority is to bring our booking and tracking platform (MyToll) back online. We expect customers to be able to use this platform for some services towards the end of the week as we progressively roll out the full functionality of the platform.
  • With Global Logistics, we’re working closely with customers to restore key warehouse and transport applications. A number of applications are ready for testing with customers and we’re working closely with our customers during this process.
  • Our transport services continue to operate using manual and automated systems with minimal interruption to most customers while we work to bring all of our systems back online.
  • We continue to operate with our business continuity plans and work on technical recovery.

 

For customers impacted by this incident, we deeply apologise and reassure you that we are working hard to resume normal operations.

Previous Updates
7 February 3pm AEDT

We are continuing to work through the process of re-setting back-end IT systems following the recent cyber attack. 

Working closely with our external experts and federal government authorities we have made good progress through this past week to gradually reinstate systems securely.

Over the coming days, and allowing for the inherent complexity of cyber attacks of this nature, our focus is on reinstating foundational IT infrastructure which we actively disabled at the outset. From there, we are conducting comprehensive testing of our key systems – including in collaboration with some of our customers – with a view to coming back online securely and as a matter of priority. 

In the meantime, our business continuity measures are helping to ensure that many of customers can keep accessing our services, and we’re working to support those customers who are experiencing delays or disruption.

6 February 2.30pm AEDT

As we work through our IT recovery plan in response to the recent cyber-attack, our focus is on restoring the relevant underlying infrastructure and fully-automated systems, and on conducting a thorough review of the affected IT hardware including servers, systems and devices. In doing so, we are working closely with our cyber security advisers to ensure that any risk associated with this incident has been appropriately managed and neutralised.

At the same time and based on our ongoing business continuity measures, many of our customers are continuing to access services across large parts of the network globally. Regretfully, some customers are experiencing delays or disruption while we work towards bringing our regular IT systems back online securely. Our teams across our operations are working with affected customers, including via our call centre where additional resources are on hand to help customers with queries about parcel deliveries. As always, we apologise for the inconvenience this is causing those customers who are impacted.

5 February 1.30pm AEDT

As part of the roll-out of business continuity measures in response to the recent cyber-attack, many of our customers are now able to access our services across large parts of the network globally including freight, parcels, warehousing and logistics, and forwarding operations.

Based on a combination of automated and manual processes instituted in place of the affected IT systems, freight volumes are returning to usual levels. We have also increased staffing at our contact centres to assist with customer service. Notwithstanding the fact services are being provided largely as normal, some customers are experiencing delays or disruption and we’re working to address these issues as we focus on bringing our regular IT systems back online securely.

The ransomware that has affected Toll is a new variant of the Mailto ransomware. We have shared samples of the relevant variant with law enforcement, the Australian Cyber Security Centre, and cyber security organisations to ensure the wider community is protected. There continues to be no indication that any personal data has been lost as a result of the ransomware attack on our It systems. We continue to monitor this as we work through a detailed investigation.

4 February 2.30pm AEDT

As a result of our decision to disable certain systems following a recent cyber security threat, we’re continuing to meet the needs of many of our customers through a combination of manual and automated processes across our global operations, although some are experiencing delay or disruption. For our parcels customers, all of our processing centres are continuing to operate including pick up, processing and dispatch albeit at reduced speed in some cases. While the online booking platform has been temporarily disabled, parcels customers can book deliveries by calling our contact centres:

Priority – 13 15 31
IPEC – 13 33 66 (Standard Road Parcels)
Intermodal and Specialised – 13 18 21 (Standard Bulk Freight)

 

We can confirm the cyber security incident is due to a targeted ransomware attack which led to our decision to immediately isolate and disable some systems in order to limit the spread of the attack. At this stage, we have seen no evidence to suggest any personal data has been lost. We’re continuing to undertake a thorough investigation and we’re working around the clock to restore normal services at the earliest opportunity. We’ll continue to provide updates as we securely bring our systems back online.
 

We apologise for the disruption that some of our customers are experiencing. We’re working with relevant authorities and have referred the matter to the appropriate bodies for criminal investigation. In the meantime, we’ll continue to work to our current processes in order to meet the needs of our customers.

3 February AEDT

As a precautionary measure, in response to a cyber security incident on Friday, Toll deliberately shut down a number of systems across multiple sites and business units.

Toll IT teams are working closely with global cyber security experts to resolve the issue.

Toll is making progress with our recovery activities to restore our systems and Toll customer-facing applications. 

Our immediate focus is on bringing our systems back online in a controlled and secure manner. Business continuity plans have been activated to maintain customer service and operations. 

Staying focused on customers remains at the forefront of Toll’s priorities as we restore our services and we sincerely apologise for any inconvenience caused. 

We want to thank our customers for their patience and support.

Question & Answers
 

What’s happened?

We received a targeted ransomware attack which led to our decision to immediately isolate and disable some systems in order to contain the spread of the attack. We moved quickly to mitigate the potential impact and we’re undertaking a detailed investigation with a view to restoring all of the relevant systems as soon as possible. In the meantime, we’ve introduced manual systems where required to ensure we can continue to meet the needs of our customers.
 

When did you find out and what have you done about it?

We became aware of the issue on Friday 31 January and, as soon as it came to light, we moved quickly to disable the relevant systems and initiate a detailed investigation to understand the cause and put in place measures to deal with it. We’ve been working around the clock since then to mitigate the impact and ensure customers can continue to access services, although some are experiencing delay or disruption. 

We’re working with relevant authorities and have referred the matter to the appropriate bodies for criminal investigation. In the meantime, we’ll continue to work to our current processes in order to meet the needs of our customers.

 

What does it mean for Toll’s operations?
As part of the roll-out of business continuity measures in response to the recent cyber-attack, many of our customers are now able to access our services across large parts of the network globally including freight, parcels, warehousing and logistics, and forwarding operations.
Based on a combination of automated and manual processes instituted in place of the affected IT systems, freight volumes are returning to usual levels. We have also increased staffing at our contact centres to assist with customer service.

 

What customers are facing delays and disruption to their service?
Some customers are experiencing delays or disruption to their deliveries as we have to rely on manual processes and systems to operate. As we are temporarily having to enter freight data manually, there is some delay in delivery status information. We are working to address these issues and continue to focus on bringing these IT systems back online securely. 

We sincerely apologise for any inconvenience caused. Our teams are working around the clock to restore normal services at the earliest opportunity.

 

When do you expect systems to be back online and operating as normal?

We’re working around the clock to have the relevant systems back online as soon as possible. While it’s an unfortunate situation, particularly for our customers, we’re committed to ensuring the security of our systems before we resume normal online operations. We’re working with relevant authorities and have referred the matter to the appropriate bodies for criminal investigation. In the meantime, we’ll continue to work to our current processes in order to meet the needs of our customers.

 

Given the decision to disable the MyToll platform, can I still book a parcel delivery?

While the MyToll online booking platform has been temporarily disabled, parcels customers can book deliveries by calling our contact centres:

  • Priority – 13 15 31
  • IPEC – 13 33 66 (Standard Road Parcels)
  • Intermodal and Specialised – 13 18 21 (Standard Bulk Freight)
     

Are the international air and ocean freight movements impacted?
In our global freight forwarding business, Business Continuity Plans have been implemented and manual processes initiated to minimise customer impact. We continue to move international air and ocean freight shipments and, where possible, perform customs clearance albeit at a reduced pace. Please contact your local Toll representative/office if you need support.

 

Has any customer data been compromised?

At this stage, we have seen no evidence to suggest any personal data has been lost as a result of the ransomware attack.

 

Toll Group media statement is available here