23 January 2024

Tomra is a world leader in recycling and sorting technologies. In July 2023, it was hacked, which sent shockwaves through the industrial and technology industries. By taking advantage of flaws in order processing systems, the attack slowed down work, secured important files, and made personal information public. Tomra's quick reaction and proactive steps limited the damage. Though the event is a stark reminder of how cyberspace is changing and how important it is to have strong defenses.

The new numbers show how the attack affected many people. Analysts in the field say that Tomra lost about $200 million in sales, which shows how destructive hacking can be to businesses. The problem affected not only Tomra but also its entire supply chain, which in turn affected recycling and manufacturing industries around the world.

Beyond the immediate effects, the Tomra Cyber attack teaches us important lessons about how to be ready for the future:

It's important to diversify: Too much dependence on systems from a single vendor, like Tomra did, can leave you open to serious threats. Risk can be reduced by using a variety of technology companies and setting up backup systems.

Giving workers more power: People who work for you are often the first line of defense. They can learn how to spot and report suspicious behavior with regular cybersecurity training and awareness programs.

Architecture with no trust: Getting rid of networks' implicit trust and replacing them with "zero-trust" models, in which every entry attempt is checked, can make security a lot better.

Any business, no matter how big or small, should learn from what happened with Tomra. We can build a more stable digital ecosystem where creativity thrives and data is always protected by learning from past mistakes, taking proactive steps, and investing in strong cybersecurity frameworks.

Key Takeaway About Tomra Cyber Attack:

  • On July 16, TOMRA was hit by a hack that damaged its domain and internal IT systems.
  • The attack was stopped by quick action and disconnecting the system. Operations continued with the help of human workarounds.
  • Due to early detection and containment, forensic analysis has had little effect. No private data has been leaked or encrypted, and there have been no ransom demands.
  • TOMRA has worked with the officials and kept up with production and customer service. Online services were restored after the system was validated and security was improved.
  • The attack slowed down new ideas and cash flow a bit, but it didn't have a big effect on service or sales.
  • Costs already incurred amount to NOK 120 million, and more costs are predicted.
  • CEO Tove Andersen praised the team's quick action and dedication to implementing a Zero Trust architecture to improve security and stop similar problems from happening again.
  • TOMRA's website has more details about the attack and news about it.

TOMRA Cyber Attack Response and Recovery Efforts

How bad was the attack and what happened first?

The full scope of the recent cyberattack was revealed by an internal probe at TOMRA. The company's main goal right now is to rebuild and strengthen its trust system. Even though there are operating problems, new systems are being set up for some services, and others are being thoroughly tested.

Changes to systems and customer safety

The investigation showed how it affected several internal processes. But there is no proof that any customer or business information was stolen, that private data was leaked, that data was encrypted, or that a ransom demand was sent.

Commitment and Strength While getting better

TOMRA's CEO, Andersen, praises the team's hard work and alertness. Even though workarounds and manual processes have been used, most services have been able to stay up and running thanks to the hard work of employees and the help of customers and partners.

Information about the hack

According to the internal probe, the threat actor increased their access by using Windows tools to do bad things like changing passwords and making backdoors. Technical signs and the methods used by the threat actor have been found by TOMRA.

Preventative steps and fixing the system

TOMRA shut down systems, like reverse vending machines and management systems, before they were confirmed to be safe. Andersen says that there has been a lot of work in restoring the system in just three weeks, with the safe rebuilding of customer services being the top priority.

Collaboration and Security Enhancement

The business is reviewing its systems with the help of outside partners, such as Microsoft. An outside group of experts gave Microsoft a high score for security. TOMRA has made security even better by adding more Microsoft platform settings.

Ongoing Recovery and Operational Status

Andersen says that an IoT environment that was independently protected is back online and that 82% of the affected reverse vending machines (RVMs) are now working again. The sorting and grading equipment in the Food and Recycling sections is still fully functional and unaffected.

Continuous Management and Support

The problem is being managed all the time by TOMRA's team and a global team from Deloitte. More information about the attack will come out as the forensic probe goes on, and TOMRA is ready for any setbacks that might happen.

Trust and dedication to the mission

To make it clear again, TOMRA wants a world without trash. It also wants to protect its operations and keep the trust of its partners and customers. The company is still determined to face these problems and carry out its purpose.

10 Most Effective Cybersecurity Steps With Proof to Avoid Tomar Cyberattack Equivalent Threat

A complete cybersecurity plan is needed to protect against cyber threats like the Tomar Cyberattack and others like it. Here are the ten best steps, each backed by facts or advice from experts:

Multi-factor authentication (MFA) and strong, unique passwords should be used:

Proof: A report from Microsoft says that people who turn on MFA stop 99.9% of automated attacks.

Action: Make sure that all of your accounts have strong, unique passwords and that multifactor authentication is turned on wherever it's possible.

Software and system updates regularly:

Proof: The US-CERT stresses how important it is to keep software up to date to lower the risk of cybersecurity dangers.

Action: Set up a regular schedule for updating all operating systems and apps to the latest versions.

Training and awareness programs for employees:

Proof: According to Verizon's Data Breach Investigations Report, a lot of data leaks are caused by mistakes made by people.uji

Action: Teach your workers regularly how to spot phishing attempts, browse the web safely, and understand how important it is to keep data safe.

Firewalls and the safety of networks:

Proof: A study by the SANS Institute shows that fences work to keep people who aren't supposed to be there from getting in.

Action: Put up a wall between your internal network and data coming from outside sources using firewalls and other network security tools.

Encryption and regular backups of your data:

Proof: A study from the Ponemon Institute says that encryption is one of the best ways to lessen the effects of data breaches.

Action: Back up your data regularly and encrypt private data while it's being sent and while it's being stored.

Implement Endpoint Protection:

Proof: Gartner's study shows how important endpoint protection platforms are for finding threats and stopping them.

Action: Use advanced endpoint protection options that have security features like anti-virus, anti-malware, and more.

Wi-Fi networks that are safe:

Proof: According to a study by Kaspersky Lab, hackers often get into computers through Wi-Fi networks that are not safe.

Action: Make sure that Wi-Fi networks are protected, hidden, and safe. To connect from afar, use a VPN.

Access Control and User Privilege Management:

Proof: Cybersecurity experts say that the concept of least privilege lowers the risk of insider threats. This is shown by access control and user privilege management.

Action: Set up strict rules for controlling entry. Give workers only the permissions they need to do their jobs.

Audits and penetration tests done regularly:

Show proof: The Center for Internet Security says that regular penetration tests and security checks are important for finding holes.

Action: Do security audits and penetration tests regularly to find and fix any security holes in your network and apps.

Incident Response Plan:

Proof: IBM's Cyber Resilient Organization Report says that having an incident response plan and team in place makes a breach much less expensive and damaging.

Action: Make and keep up-to-date with a thorough incident reaction plan so that you can handle and recover from security incidents quickly and effectively.

Taking these steps can make a big difference in how secure your company is online.


The Tomra cyberattack is a very important wake-up call for the digital world we live in now. It shows how important it is for businesses to have strong cybersecurity steps. This event shows not only how weak companies are, but also how bad the effects of security breaches can be. In answer, companies need to learn from Tomra's mistakes. They should buy more advanced security protocols, check their systems often, and teach their workers the best ways to keep their information safe. Because cyber threats are always changing, being alert and ready is important for keeping private data safe. The Tomra case is a stark warning of how important it is to be proactive about improving cybersecurity all the time. If you are looking forward to a full proof of cybersecurity for your organization then you must get in touch with SafeAeon.

Why Do You Need Our Services

SafeAeon's 24×7 SOC operates ceaselessly to watch over, identify, and counter cyber attacks, ensuring your business remains resilient and unharmed

Watchguard It Infrastructure

24/7 Eyes On Screen

Rest easy with SafeAeon's continuous vigilance for your IT infrastructure. Our dedicated security analysts ensure prompt threat detection and containment.

Cybersecurity Price

Unbeatable Prices

Access cutting-edge cybersecurity products through SafeAeon's unbeatable deals. Premium solutions at competitive prices for top-tier security.

Threat Intelligence

Threat Intelligence

Stay ahead with SafeAeon's researched Threat Intelligence Data. Clients enjoy free access for informed and proactive cybersecurity strategies.

IT Team

Extended IT Team

Seamlessly integrate SafeAeon with your IT team. Strengthen controls against risks and threats with expert recommendations for unified security.

Ready to take control of your Security?

We are here to help

Reach out to schedule a demo with our team and learn how SafeAeon SOC-as-a-Service can benefit your organization