TOMRA has been the target of an extensive cyber attack directly affecting some of the company's data systems. The relevant authorities were informed, and all available internal and external resources were mobilized to contain and neutralize the incident.
The attack was discovered early Sunday morning, July 16, 2023, when TOMRA security operations were alerted to a password reset request not initiated by multifactor authentication. When this suspicious activity was discovered, TOMRA security operations began proactively shutting down services and disconnecting sites to mitigate the attack.
Initial investigation revealed that this was an ongoing cyber-attack, the first activities of which were observed at our Montreal offices. Access was first gained through certain compromised TOMRA user accounts. Through this attack, a threat actor gained access to certain technical infrastructure systems. This enabled him to traverse and access other sites. TOMRA security operations have identified a number of methods and tools used in the attack, but see no evidence of data encryption and have received no ransom demands. Furthermore, we have found no evidence that TOMRA's customers, suppliers or partners or their systems are at risk from this attack.
After mobilizing all available internal and external resources in response to the attack - including a global cyber-response team from Deloitte - we successfully began the process of restoring digital services.
Our main objective is to restore all systems as quickly as possible, and we are continuing to work towards this goal.
For further information, please contact the TOMRA press center on +44 (0)207 283 9915 or send an e-mail to crisis.comms@tomra.com.