Toll has warned some current and former staff that the hackers responsible for a recent ransomware attack may have accessed their personal data including names, ages, addresses, salary and superannuation details, and tax file numbers.

In a statement on Thursday afternoon, the logistics company confirmed that “corporate server files” accessed by the attackers contained the personal information of Toll staff members.

“The information relates to some current and former employees in certain countries in which Toll operates, including Australia and New Zealand,” the statement said.

“The incident does not affect all Toll employees and, based on current findings, casual staff are not impacted.

“There is no evidence at this stage that the information in question has been taken.”

Following a successful Nefilim ransomware attack on Toll Group in early May, bad actors recently began dumping exfiltrated data onto the dark web.

Corporate contracts and financial statements were reportedly among the leaked data along with the personal information of staff.

Toll said it condemns “in the strongest possible terms” the cyber criminals’ actions and apologises for people affected by the ongoing incident.

“As a precaution, we have written to impacted employees (past and current) to provide them with information on how they can protect themselves,” Toll said.

“As part of this, we have engaged the services of a leading provider of identity and cybersecurity solutions to ensure that impacted people are provided with the appropriate support and data protection measures.”

Personal information like names, addresses, and tax file numbers can be used for identity theft.

Fraudsters recently used identity data to illegally access other people’s money through the government’s early superannuation removal scheme.

Information gathered by bad actors may also be used to create fake documents that are sold on the dark web.

Getting back online

Despite continuing concerns about Toll Group’s corporate data, the company claims its IT systems are slowly returning to normal after four weeks of disruption.

The company has provided regular, easily accessible updates since it was struck by its second ransomware attack this year.

Toll’s update on Friday morning said it was making “good progress” restoring online functions – but outlined the breadth of damage caused by the cyber incident with the MyToll, Track and Trace, and CargoWise One systems all slowly returning to regular function.

“Most customer-facing applications for our contract logistics customers are up and running, as we finalise testing with our customers,” Toll said.

"We thank everyone for their support and patience during this period as we finalise the full resumption of services across Toll’s global network.”

If you are concerned your identity has been stolen, contact IDCARE on 1800 595 160.