The ransomware in question is named Nefilim and it attacks Windows systems.
News of the attack, the second this year, was announced by Toll on 5 May, with the company saying at the time that it had shut down some of its systems as a precaution.
The documents released on Wednesday on the dark web include statements about company financials in plain text and a zipped file. This indicates that the ransom demand by the group has not been met by Toll. The attackers claim to have more than 200GB of company data.
"As a result, we are now focused on assessing and verifying the specific nature of the stolen data that has been published. As this assessment progresses, we will notify any impacted parties as a matter of priority and offer appropriate support."
Toll, which has been in operation for more than 125 years, is part of Japan Post. It has operations in 1200 regions across the globe in 50 countries.
The firm has about 40,000 employees. For the full-year 2019, the Toll Group had revenue of US$8.7 billion.
Asked for comment, ransomware researcher Brett Callow, who works for the New Zealand-headquartered security outfit Emsisoft, said: "For a major company to be hit by two different ransomware groups within a relatively short space of time is highly unusual but not without precedent.
"It’s not at all unusual for groups to leave behind backdoors. The backdoors are typically 'owned' by affiliates who may change allegiance or sell or trade them with other groups."
The first attack on Toll earlier this year was said to have involved ransomware known as Mailto.
"Consequently, a successful attack by one group could potentially result in a successful attack by another," said Callow. "This is one of the reasons that we strongly recommend that companies completely rebuild their networks post incident."