TOMRA

July 19th update on cyberattack

TOMRA discovered an extensive cyberattack against the company on July 16th affecting some of the company’s data systems. To contain the attack, we have disconnected selected services. A team of internal and external resources is working around the clock to establish temporary solutions and to reestablish normal operations. Affected systems will remain offline until it is safe to operate them.

Development since last update:

  • No new hostile activities have been detected.
  • Focus is on thorough investigation of the incident and rebuilding our trust infrastructure.
  • We continue to strengthen the IT security team and have expanded it with local presence in most major locations and expanded the central incident team.

Status of external services:

  • TOMRA Group: Internal IT services and some back-office applications remain offline and affect our supply chain management. Major office locations are offline, but cloud-based Office365 applications run as normal, allowing employees to access them.
  • TOMRA Collection: The reverse vending machines (RVMs) in operation are from different generations. In Europe and Asia, most RVMs continue to work in offline mode, while a limited number of older RVMs are no longer operating. In addition, RVMs in the Baltics, as well as some in Asia, are no longer operational due to integral digital services currently being offline. RVMs in Australia and North America remain online and fully connected. The Material Recovery services in North America are impacted by digital services being offline.
  • TOMRA Recycling: Our customers' sorters remain unaffected and fully operational. All remote service activities are disconnected and replaced with manual procedures.
  • TOMRA Food: Our customers' optical sorting, grading, and post-harvest solutions remain unaffected and fully operational. All remote service activities are disconnected and replaced with manual procedures.

Our primary aim is to continue to deliver our services to customers, minimizing the impact this attack has on them. Most of TOMRA’s digital services are designed to operate offline for a certain amount of time but may have reduced functionality in the interim. A team is working to establish temporary solutions for all digital systems to support keeping customer solutions operational over time.

All employees involved continue to work tirelessly to resolve the situation. The team spirit and commitment from the whole TOMRA team is remarkable. We remain in dialogue with relevant authorities and have not received any contact from those who are behind the attack.

TOMRA will remain transparent with all stakeholders, and we will continue to provide updates on tomra.com when we have confirmed information to share.