Outsourcing Giant TELUS Digital Confirms Data Breach that Leaked Nearly a Petabyte

TELUS Digital, the business process outsourcing (BPO) arm of the Canadian telecommunications giant Telus, has confirmed a massive data breach.

Telus learned of the breach after detecting suspicious activity and after a threat actor took credit for the attack and threatened to leak the stolen information on a data leak site.

Upon learning of the breach, Telus responded by launching an investigation with an experienced third-party cyber forensics team and notifying law enforcement.

“TELUS Digital is investigating a cybersecurity incident involving unauthorized access to a limited number of our systems,” the company stated. “Upon discovery, we took immediate steps to address the unauthorized activity and secure our systems against further intrusion.”

TELUS investigates data breach

Telus’ ongoing investigation has determined that the attacker accessed a limited number of its systems. According to the attacker, the data breach leaked personal and business information, including the company’s call records.

However, the number of impacted individuals and companies, and the nature of the stolen information, remain unknown pending the ongoing investigation, according to the company.

Nevertheless, the cyber attack did not impact the company’s internal or customer-facing operations, thus ruling out a ransomware attack. The company has also implemented additional security measures to protect its infrastructure from further compromise.

“All business operations within TELUS Digital remain fully operational and there is no evidence of disruption to customer connectivity or services,” the company stated.

Meanwhile, Telus has notified impacted individuals and relevant law enforcement authorities. The company is also closely monitoring the situation and observing further developments. It also promised to release more information when the investigation is concluded.

“As our investigation progresses, we are notifying any impacted customers, as appropriate. The security of our customers’ information continues to be our highest priority,” Telus said.

So far, the Vancouver-based BPO giant has not confirmed receiving ransom demands or attributed the attack to any hacking group.

ShinyHunters linked to Telus data breach

The hacking group ShinyHunters has claimed responsibility for the Telus data breach and threatened to publish the stolen information, totaling nearly a petabyte.

ShinyHunters claims it stole the company’s call data, source code, background check information, and personal data. It also claims that the data breach affected at least a dozen organizations, including banks and information technology companies.

However, Telus believes the data breach did not compromise the personal, business, or health information of its customers and clients. Consequently, Telus Consumer Mobility, Home Solutions, Telus Health, and Agriculture and Consumer Goods customers should consider themselves unaffected, according to the company.

“At this time, there is no evidence to indicate any exposure or impact to business, client, personal or personal health information of TELUS Health customers,” the company stated.

While the outsourcer has not disclosed the attack vector, ShinyHunters claims it breached the company via Google Cloud Platform by exploiting credentials stolen during the Salesloft Drift data breach.

The Salesloft Drift attack had exposed secrets, including OAuth tokens, that security experts warned could later lead to data breaches targeting downstream customers. It also exposed customer support tickets, which typically contain crucial information that attackers could use to conduct social engineering attacks.

“The Salesloft breach really is the gift that keeps on giving,” said Denis Calderone, CTO, Suzu Labs. “The credentials used to get into Telus Digital trace back to the Salesloft compromise that started in early 2025. Those credentials have been making the rounds ever since, first into Drift’s AWS environment, then into Salesforce instances across 760 organizations, and now into a BPO that holds call recordings and FBI background checks for dozens of companies.”