A Toll spokeswoman told iTWire that the company was aware of the files being published.
"We continue to carefully monitor the situation and work closely with our stakeholders as we progress through our investigation," she said.
A screenshot of the notice on the Nefilim dark web site. Supplied
The attack on Toll was the second this year, and was carried out using the Nefilim ransomware which attacks only Windows systems.
The company's last update on the attack was on 29 May when it said in a statement it was "making good progress with the restoration of our key online systems".
The two recent batches of documents have been leaked in August and this month.
When the attack was announced, the company said it had shut down some of its systems as a precaution.
Toll, which has been in operation for more than 125 years, is part of Japan Post. It has operations in 1200 regions across the globe in 50 countries.
The firm has about 40,000 employees. For the full-year 2019, the Toll Group had revenue of US$8.7 billion.