The company confirmed that the cyber security incident is because of a targeted ransomware attack which led to its decision to immediately isolate and disable some systems in order to limit the spread of the attack.

At this stage, we have seen no evidence to suggest any personal data has been lost. We’re continuing to undertake a thorough investigation and we’re working around the clock to restore normal services at the earliest opportunity. We’ll continue to provide updates as we securely bring our systems back online


Toll became aware of the issue on Friday 31 January and disabled the relevant systems, as well as initiated a detailed investigation to understand the cause and establish measures to deal with it.

The company is also working with relevant authorities and have referred the matter to the appropriate bodies for criminal investigation.

In addition, Toll informed that there is no evidence to suggest any personal data has been lost.

As for when the company expects the systems to be back online, it stated that:

We’re working around the clock to have the relevant systems back online as soon as possible. While it’s an unfortunate situation, particularly for our customers, we’re committed to ensuring the security of our systems before we resume normal online operations

In another similar incident, the London Offshore Consultants (LOC) Group has recently been the victim of cyber-attacks. It is said that investigations are in still underway and are being led by the appointed cyber security experts.

LOC systems ensured that the attacks were quickly identified and since that time, LOC have been dealing with the matter professionally and with the help of independent cyber security experts, in order to minimize business interruption and ensure data integrity.

According to independent experts’ findings, the attacks saw a data breach confined to a single site, affecting a small number of clients, who were notified without delay.

Recently, the UK published an amended cyber security code of practice concerning those with responsibility for protecting the technical systems of port facilities and vessels docked in ports, following the frequency of cyber attacks in the last years.

The Good Practice Guide uses principles, in comparison to national legislation or specific standards to promote good practice in ports and boost the cyber security measures already implemented.

The Guide mostly concerns those responsible for protecting the port/port facility, ships (when docked or berthed), persons, cargo, cargo transport units and ships' stores within the port from the risks of a security incident.

Remarkably, the era of digitalization and rapid development of technologies in the maritime sector has called for immediate action, for the protection of the seafarers and the whole industry, which led the International Maritime Organization (IMO) to issue and implement a series of regulations and guidelines on cyber risk management, with, last but not least, the adoption of the Resolution MSC.428(98). The resolution calls companies to report any cyber risk in their ISM Code no later than January 1, 2021.