Recycling giant Tomra suffering from massive cyberattack

18 Jul 2023

Image: © Rokas/

The Norwegian company was forced to disconnect various services due to an attack, which has disrupted its operations in many parts of the world.

Recycling company Tomra has been hit with an “extensive” cyberattack, which has knocked out a large portion of its digital services.

The multinational said it discovered the attack on 16 July and took “immediate actions” to prevent damage by disconnecting some of its systems. In a statement yesterday (17 July), Tomra said it’s focus was to get its systems back to normal “as fast as possible”.

The Norwegian company has a large global footprint, with roughly 105,000 installations in more than 100 markets worldwide, along with 5,000 staff.

The cyberattack forced Tomra to turn off a large portion of its online services, including internal IT services. In an update today (18 July), Tomra said its recycling and food businesses are “operating as usual” but suffering from limited functionality, while Tomra Group staff are working remotely.

The company claims most of it’s digital services are designed to operate offline for a certain amount of time, but may have reduced functionality.

The company’s reverse vending machines (RVMs) for recycling bottles and cans have been impacted differently based on geography and the age of the machines. In Europe and Asia, many of Tomra’s RVMs are in offline mode, with some older models no longer operating. RVMs in Australia and North America remain “online and fully connected”.

The multinational said it has contacted relevant authorities and is working to resolve the situation. At time of writing, Tomra claims to have received no contact from those who were behind the attack.

“A team of internal and external resources is working around the clock to resolve the situation, and affected systems will remain offline until it is safe to open them,” the company said. “Tomra will remain transparent with all stakeholders, and we will continue to provide updates when we have confirmed information to share.”

Simon Chassar, the CRO of cybersecurity company Claroty, said service disruption remains an “extremely successful” method for cybercriminals, with a focus on organisations that are part of a nation’s “critical infrastructure”.

“By affecting the up-time of systems and services of a company like Tomra, which operates across multiple industries, attackers can inflict significant financial and social damage on the business itself as well as global supply chains which will force them to act fast in paying any ransoms to restart operations,” Chassar said.

Cyberattacks continue to be a looming threat for industries worldwide. For example, the global Moveit breach has affected companies and government agencies on both sides of the Atlantic, including banks, universities, insurance and healthcare providers.

The latest victim of this massive ransomware campaign is reportedly TJX, the parent company to TK Maxx and HomeSense. Mike Newman, CEO of My1Login, predicts that this global string of attacks will go down as “one of the biggest cyberattacks of this year”.

“Never before has an attack demonstrated just how intrinsically linked businesses are with each other, and how by exploiting just one bug this can have a rippling effect and bring down multiple others,” Newman said.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic