TRANSPORT giant Toll has today confirmed data was stolen during last week's cyber attack.

The corporate server that was hacked by ransomware known as "Nefilim" contained information relating to some past and present Toll employees and details of commercial agreement with current and former enterprise customers.

The server in question was not designed as a repository for customer operational data.

In a statement today, Toll said ongoing investigations had determined the attacker, who was known to publish stolen data on the dark web.

The statement said Toll was not aware at this time of any information from the server having been published.

Toll Group Managing Director Thomas Knudsen said Toll was the victim of an "unscrupulous act".

"We condemn in the strongest possible terms the actions of the perpetrators," he said.

"This a serious and regrettable situation and we apologise unreservedly to those affected.

"I can assure our customers and employees that we're doing all we can to get to the bottom of the situation and put in place the actions to rectify it," he said.

Given the technical and detailed nature of the analysis in progress, Toll expected it would take a number of weeks to determine more details.

Mr Knudsen said cyber crime posed "an existential threat for organisations of all sizes, making it more important than ever for business, regulators and government to adopt a united effort in combating the very real risk it presents the wider community".

Toll Group is working with the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) in their investigations.