Logistics company Toll Group has hired a new global head of information security following a year of disastrous cyber security incidents.

Former Telstra CISO, Berin Lautenbach, will step into the role and try to improve the organisation’s security posture after it suffered from two major ransomware attacks within the first six months of 2020.

“Really looking forward to it,” Lautenbach said about his new job. “Exciting things being done at Toll!”

Lautenbach brings more than 20 years’ experience in cyber security. He has previously worked for the Department of Defence, Sun Microsystems, NAB, and GE before his recent tenure at Telstra.

“We’re really looking forward to having Berin on the team,” said Toll CIO, King Lee.

“This is an important part of the future roadmap for our security program and I believe Berin’s extensive experience will help set Toll up for a strong future in this ever-growing area of IT.”

Announcements about Lautenbach’s appointment made no mention of the significant cyber incidents Toll suffered earlier this year that severely hampered its operations and put data about its customers and staff at risk.

The first attack was discovered in late January, with Toll confirming it had been hit by a strain of the Mailto ransomware.

While it isolated affected systems, Toll’s business was knocked offline and the logistics company had to resort to “a combination of automated and manual processes” to continue running.

Three weeks later, Toll was still recovering from having its data encrypted – much to the frustration of customers who were experiencing long delivery delays.

And then it happened again.

On 4 May, Toll announced it had suffered another ransomware attack that knocked out its MyToll customer portal and stopped the company from receiving emails.

With barely a month’s respite, the company was once again enacting its business continuity plans and mitigating the effects of its data being encrypted.

A week later, MyToll was still down forcing the business to take bookings over the phone.

Unfortunately, the group behind this ransomware, Nefilim, try to extort their victims by threatening to publish data exfiltrated during the breach.

Sure enough, financial data and personal information soon appeared on a dark net site, accompanied by a taunting message from the cybercriminals.

“Toll Group failed to secure their network even after the first attack,” the message said.

“We have more than 200GB of archives of their private data.”

Toll is still trying to contact former employees whose personal information may have been dumped online in the breach.

“We are working closely with independent experts and authorities to investigate and remediate the issue,” the company said.

“We have started to contact individuals, including current and former employees, who we believe may have been impacted by this incident.”