English

TOMRA: Toward normal operations after the cyberattack

Report this content

As previously announced, TOMRA discovered a cyberattack against the company on 16 July affecting the TOMRA domain and internal IT systems. Systems were proactively disconnected to contain the attack. Manual workarounds have kept the company operational while systems have been validated and restored. The company is progressing well toward normal operations.

While the cyberattack was extensive, the forensics investigation indicates that early detection and swift actions to contain the attack has limited its impact. There is no evidence of confidential information having been leaked, nor any evidence of encryption of data, nor has there been any ransom demands. TOMRA is cooperating with authorities and regulators in relevant markets.

Throughout this period, TOMRA has continued to produce and deliver equipment and services, limiting the impact of the attack on customers. Most customer services and machines have remained operational despite initially being disconnected from TOMRA's domain to contain the attack. Connections to online customer services have been re-established as systems have been validated and restored or rebuilt with strengthened security measures. TOMRA has been supported by a global cyber security expert team in the process.

Despite disruptions and manual workarounds, the cyberattack has not had a significant impact on sales, service or production. Diverting resources to the recovery has resulted in some delays in the innovation pipeline as well as the cash flow due to postponed invoicing. The incident is not expected to have material impact on revenues, but it has incurred one-off costs of NOK 120 million so far, which will be recognized in the third quarter of 2023. The costs relate to the cyberattack response and improvements in the company's cyber security. Additional costs are expected to be booked in the fourth quarter.

"We have faced an unprecedented challenge, and it has been remarkable to witness the commitment and vigilance displayed by our team as they work to support our customers," says TOMRA's CEO and President Tove Andersen.

"Cyberattacks are a serious threat to digitalized societies and businesses. I am grateful that we were able to stop the attack before any serious damage was done. We have now taken measures to implement one of the most modern and secure cyber security architectures – a so called Zero Trust architecture – to prevent future disruptions and to protect ourselves, our customers, partners and suppliers. I would like to express my sincere gratitude toward all our supportive and trusting stakeholders during these challenging times," Andersen concludes.

A detailed summary of the cyberattack as well as a complete overview of all updates shared by TOMRA since the attack took place can be found in the News and Media section of TOMRA.com.

Asker, 29 September 2023

TOMRA Systems ASA

For further information, please contact:

Daniel Sundahl, Head of Investor Relations
Tel: +47 91 36 18 99

Subscribe