
Canadian business process outsourcing provider Telus Digital has confirmed a cybersecurity incident involving unauthorized access to internal systems, after threat actors claimed they stole close to one petabyte of company and customer data during a prolonged breach.
The confirmation came through a statement from Telus to BleepingComputer, in which the company said it is currently investigating the scope of the intrusion and determining which customers may have been impacted. According to the company, the breach affected a “limited number of systems,” and there is currently no evidence that customer connectivity or core services were disrupted.
The breach has been claimed by ShinyHunters, a long-running cybercrime collective responsible for numerous high-profile data theft campaigns. The group has been particularly active in recent months, targeting enterprise SaaS environments such as Salesforce, Google Workspace, and Microsoft 365.
Telus Digital is the digital services and outsourcing arm of Canadian telecommunications provider Telus. The company provides customer support operations, content moderation, fraud detection services, and AI data processing to organizations worldwide.
ShinyHunters claims 1PB data breach
The attackers told CyberInsider they accessed Telus infrastructure using Google Cloud Platform (GCP) credentials obtained from previously stolen data in the Salesloft Drift breach.
That earlier incident exposed Salesforce data from roughly 760 organizations. Support tickets within the stolen datasets reportedly contained credentials, authentication tokens, and other secrets that attackers later used to compromise additional systems across multiple companies.
The threat actors say they identified Telus GCP credentials inside the Drift dataset and used them to access internal cloud resources, including a large BigQuery environment storing operational data. After extracting information from the environment, they reportedly ran the security scanning tool TruffleHog against the dataset to locate additional credentials embedded in files and logs.
Using those newly discovered secrets, the attackers claim they pivoted into additional Telus systems and expanded their access across multiple internal environments.
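The credentials in this chain were reportedly sitting in plain text inside support tickets, which is a control point a defender can address at ingestion time. The following Python code is an added example, not from the article or from any company named in it: it scans ticket text for credential-shaped strings and redacts them before the ticket is stored. The rule set, the entropy threshold, and the sample tickets are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Known credential shapes; the PEM rule also covers "private_key" in GCP service-account JSON.
RULES = {
    "pem_private_key": re.compile(
        r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----.*?"
        r"(?:-----END (?:RSA |EC )?PRIVATE KEY-----|\Z)", re.S),
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_\-]{35}"),
    "google_oauth_token": re.compile(r"ya29\.[0-9A-Za-z_\-]{20,}"),
}
# Generic "keyword = value" assignments, reported only when the value looks random.
KEYWORD = re.compile(r"(?i)(?:password|secret|token|api[_-]?key)\s*[:=]\s*(\S{16,})")

def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def scan_ticket(text, min_entropy=3.5):
    """Return (rule, start, end) for every span that looks like a live secret."""
    hits = [(name, m.start(), m.end())
            for name, rx in RULES.items() for m in rx.finditer(text)]
    for m in KEYWORD.finditer(text):
        if entropy(m.group(1)) >= min_entropy:
            hits.append(("keyword_high_entropy", m.start(1), m.end(1)))
    return sorted(hits, key=lambda h: h[1])

def redact(text):
    """Replace detected spans with placeholders before the ticket is stored."""
    out, pos = [], 0
    for name, start, end in scan_ticket(text):
        if start >= pos:  # skip spans overlapping one already redacted
            out += [text[pos:start], f"[REDACTED:{name}]"]
            pos = end
    return "".join(out + [text[pos:]])

# Constructed sample tickets; none of these values are real credentials.
FAKE_API_KEY = "AIza" + "Ab3" * 11 + "Zz"
TICKETS = [
    "Sync job fails since Monday. Our config has token=9fK2xQ7vLm3ZpR8tYw4B set.",
    'Key file attached: {"type": "service_account", "private_key": '
    '"-----BEGIN PRIVATE KEY-----\\nMIIEconstructed\\n-----END PRIVATE KEY-----\\n"}',
    "Maps widget broken, we use " + FAKE_API_KEY + " in the page.",
    "I reset my password: **************** and still cannot log in.",
]

if __name__ == "__main__":
    print(*map(redact, TICKETS), sep="\n")
```

Redaction at ingestion limits what a later theft of the ticket store can yield; any credential found this way should still be rotated, since it has already left its owner's control.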
In total, the group claims it exfiltrated nearly one petabyte of data associated with Telus and companies that rely on its outsourcing services. The exact volume of stolen data has not been independently verified.
The attackers said the compromised information spans a wide range of operational datasets related to Telus Digital’s BPO services. These allegedly include customer support records, call center operations data, agent performance metrics, AI-driven support tooling, fraud detection systems, and content moderation infrastructure used by client companies.
The group also claims to have obtained more sensitive internal material, including:
- Source code repositories
- Salesforce datasets
- Financial records
- FBI background check documents
- Voice recordings of customer support calls
In addition to outsourcing-related data, the breach reportedly affected parts of Telus’ telecommunications operations. According to the attackers, the stolen datasets include consumer call records and call metadata tied to the company’s fixed-line services.
The attackers said they began extorting Telus in February, demanding $65 million in exchange for not releasing the stolen information. According to unnamed sources, the company did not engage with the extortionists.
Telus stated that it has implemented additional security measures and engaged external cyber-forensics specialists to assist with the investigation while coordinating with law enforcement authorities. The company said it will notify affected customers as more information becomes available, but as of this writing, it has not published anything on its newsroom or social media channels.






