Norwegian mountains

TOMRA: July 25th update on cyberattack

TOMRA discovered a cyberattack against the company on July 16th. Investigation has shown some systems have been affected by the attack and additional systems were proactively disconnected to contain the attack. A team of internal and external resources is working around the clock to establish alternative solutions and to reestablish normal operations.

TOMRA is dedicated to rebuilding the trust infrastructure of the company; working in parallel to establish alternative systems for some services, and cleaning and validating systems for other services.

To increase security level, the company is also introducing new measures to help users protect themselves and the company’s digital infrastructure.


Development since last update:

  • Microsoft has assessed our Office365 environment. TOMRA received a very strong security score. As per recommendations we are implementing further security measures.
  • Multi Factor Authentication (MFA) is enforced for all users, temporarily locking the accounts of some users until they have MFA implemented.
  • We are currently restoring our ERP solutions, starting with some markets with a few users already active.
  • We work continuously to connect more customers to the new, cloud-based system for online services for the Reverse Vending Machines (RVMs) to ensure that the RVMs remain operational. The solution is rebuilt in a clean and trusted environment, with additional security controls implemented to strengthen its resilience. This new system is already available for the RVMs in Norway, the Netherlands and the Baltics and we continue to work to connect RVMs in these markets.

Status of external services:

  • TOMRA Group: Internal IT services and some back-office applications remain offline and affect our supply chain management. Major office locations are offline, but cloud based Office365 applications run as normal allowing employees to access them.
  • TOMRA Collection: Most RVMs in Europe and Asia remain operational, however, unfortunately a limited number of RVMs are not currently operating. RVMs in Australia and North America remain online and fully connected. The Material Recovery services in North America are also impacted by digital services being offline.
  • TOMRA Recycling: Our customers sorters remain unaffected and fully operational. All remote service activities are disconnected and replaced with manual procedures.
  • TOMRA Food: Our customers optical sorting, grading, and post-harvest solutions remain unaffected and fully operational. All remote service activities are disconnected and replaced with manual procedures.

Our primary aim is to continue to deliver our services to customers, minimizing the impact this attack has on them. Most of TOMRA’s digital services are designed to operate offline for a certain amount of time but may have reduced functionality in the interim. A team is working to establish alternative solutions for all digital systems to support keeping customer solutions operational over time.

TOMRA is working with external partners to do a complete review of relevant systems and have third party verification of the integrity of systems and equipment. The first one is now completed with an independent expert review from Microsoft on services that run on their platforms. Verification of these systems is an important step in documenting the integrity of the company’s digital platform.

TOMRA’s team is working tirelessly to manage the situation. In addition, the company is supported by a global team from Deloitte ensuring senior competence and resource availability globally. The team will continue to work until the situation is resolved.