Norwegian mountains

TOMRA: September 1st update on cyberattack

TOMRA discovered a cyberattack against the company on July 16th and has managed to keep most services and equipment operational under challenging circumstances. Connections to online services continue to be reestablished, bringing the company on a path toward normal operations. From now TOMRA will reduce the frequency of updates and only release information if there is substantial new information to share.

TOMRA has worked continuously since the attack, and is very grateful for all employees, partners and customers who have supported us through these challenging weeks.

We have now completed the cyberattack investigation and have a good overview of what happened. We described the nature of the attack on July 27th, more information can be found here.

TOMRA is rebuilding and our cyber resilience strategy has accelerated due to the attack. TOMRA will become stronger and more robust, and we have taken important steps by implementing the following:

  • Migration to a Zero Trust Architecture
  • Enhanced internet access control with full traffic inspection
  • Centralized vetting process of computers before allowing reconnection to systems
  • Identity protection with reinforced Multi Factor Authentication requirement and password rotation for all users


Status of external services:

  • TOMRA Group: Work and progress continues as we rebuild and restore systems and services. Each day, more employees are connected to internal systems and all critical users now have access to our ERP system.
  • TOMRA Collection: Most RVMs affected by the cyberattack have been successfully connected to new, trusted infrastructure and we are working closely with customers to reconnect the remainder. We have seen significant progress in our efforts to restore additional systems and, step by step, continue on our path towards the resumption of normal business operations.
  • TOMRA Recycling: Customers' sorters remain unaffected and fully operational. There are still manual workarounds in place, but we have made significant progress in gradually activating our systems and continue restoring remote connections to your systems.
  • TOMRA Food: Customers' optical sorting, grading, and post-harvest solutions remain unaffected and fully operational. There are still manual workarounds in place, and we have started restoring remote connections to our systems.

TOMRA continues to deliver our services to customers, minimizing the impact this attack has on them. TOMRA remains resolute in its mission to enable a world without waste and reaffirms its commitment to safeguarding its operations and the trust of its valued partners and customers.