‘Cyber security incident’ takes its Toll on Aussie delivery giant as box-tracking boxen yanked offline
Australian courier company Toll has shut down several of its key systems after a “security incident” last week, prompting a backlash from frustrated customers.
Individual punters and businesses alike said they were unable to send, receive or track their packages since as early as Wednesday morning last week. The company’s tracking website, MyToll, has been down since Friday afternoon.
A Reg reader who spoke to service reps over the phone told us Toll employees have been unable to provide information about their packages, or even to access their internal tracking database.
“As a precautionary measure, in response to a cyber security incident on Friday, Toll deliberately shut down a number of systems across multiple sites and business units,” the company said in a statement posted today on its website.
Toll is one of Australia’s largest courier companies, and claims to deliver 95 million packages a year. Its services are used to transport packages for eBay, mobile phone vendors and US travel documents for Australians, among other things.
The breach is reported to have affected Australia, India and the Philippines. The company has not said how many customers have been affected.
Frustrated Australian customers took to Twitter with characteristic ire.
@Toll_Group can you at least provide some kind of status page or update? No tracking system, emails bouncing, phones not being answered… but zero information anywhere on what is happening. Where can we find updates please?
— Hurtle Gear (@HurtleGear) February 3, 2020
We use them for work all the time, but only because we have to. They are the epitome of not being able to organise a root in a brothel. Absolutely fucking useless. ALWAYS! We have issues virtually every week. And their customer service is non-existent.
— ?David Nathan ? (@David_Nathan) January 29, 2020
Another user, @PaulMan42254737, wrote: “I just made this account to say ‘Fuck you!’ to @Toll_Group for losing my package.”
Local media reported that Toll is still making some deliveries, but receipts are being recorded manually instead of electronically.
Toll said it is working to restore the affected systems in a “controlled and secure manner”.
“Business continuity plans have been activated to maintain customer service and operations,” the company said.
Toll did not answer The Reg‘s requests for more information on what these plans involve. Nor did the company say when it expects its systems to be up and running again, or whether wider systems have been affected.
Toll Group is owned by Japan Post Holdings, which bought the Melbourne-based group in 2015 for $6.5bn. It has turned into a dud investment for Japan Post, which wrote down (PDF) the value of Toll by $4.9bn in 2017. ®
Sponsored: Detecting cyber attacks as a small to medium business
READ MORE HERE