TOMRA Systems

Legal Proceedings Report • Sep 29, 2023

TOMRA: Toward normal operations after the cyberattack

TOMRA: Toward normal operations after the cyberattack

As previously announced, TOMRA discovered a cyberattack against the company on

16 July affecting the TOMRA domain and internal IT systems. Systems were

proactively disconnected to contain the attack. Manual workarounds have kept the

company operational while systems have been validated and restored. The company

is progressing well toward normal operations.

While the cyberattack was extensive, the forensics investigation indicates that

early detection and swift actions to contain the attack has limited its impact.

There is no evidence of confidential information having been leaked, nor any

evidence of encryption of data, nor has there been any ransom demands. TOMRA is

cooperating with authorities and regulators in relevant markets.

Throughout this period, TOMRA has continued to produce and deliver equipment and

services, limiting the impact of the attack on customers. Most customer services

and machines have remained operational despite initially being disconnected from

TOMRA's domain to contain the attack. Connections to online customer services

have been re-established as systems have been validated and restored or rebuilt

with strengthened security measures. TOMRA has been supported by a global cyber

security expert team in the process.

Despite disruptions and manual workarounds, the cyberattack has not had a

significant impact on sales, service or production. Diverting resources to the

recovery has resulted in some delays in the innovation pipeline as well as the

cash flow due to postponed invoicing. The incident is not expected to have

material impact on revenues, but it has incurred one-off costs of NOK 120

million so far, which will be recognized in the third quarter of 2023. The costs

relate to the cyberattack response and improvements in the company's cyber

security. Additional costs are expected to be booked in the fourth quarter.

"We have faced an unprecedented challenge, and it has been remarkable to witness

the commitment and vigilance displayed by our team as they work to support our

customers," says TOMRA's CEO and President Tove Andersen.

"Cyberattacks are a serious threat to digitalized societies and businesses. I am

grateful that we were able to stop the attack before any serious damage was

done. We have now taken measures to implement one of the most modern and secure

cyber security architectures - a so called Zero Trust architecture - to prevent

future disruptions and to protect ourselves, our customers, partners and

suppliers. I would like to express my sincere gratitude toward all our

supportive and trusting stakeholders during these challenging times," Andersen

concludes.

A detailed summary of the cyberattack as well as a complete overview of all

updates shared by TOMRA since the attack took place can be found in the News and

Media (https://www.tomra.com/news-and

-media#focus%20area=TOMRA%20Group&content%20type=News) section of TOMRA.com.

Asker, 29 September 2023

TOMRA Systems ASA

For further information, please contact:

Daniel Sundahl, Head of Investor Relations

Tel: +47 91 36 18 99