Canadian outsourcing and digital services firm Telus Digital has confirmed that it experienced a cybersecurity incident after threat actors alleged they had extracted an enormous volume of data, estimated at nearly one petabyte, over a prolonged period of unauthorized access.
Telus Digital operates as the outsourcing and digital solutions division of Telus. The company provides services such as customer support, content moderation, artificial intelligence data operations, and other business process outsourcing functions to organizations around the world. Because firms in this sector often manage customer interactions, billing systems, and internal authentication tools on behalf of multiple clients, they are frequently targeted by attackers aiming to gain access to large datasets through a single compromise.
The breach has been linked to a threat group known as ShinyHunters, which claims it obtained a wide range of customer-related data connected to Telus Digital’s outsourcing services, along with call records tied to Telus’ consumer telecommunications operations.
Reports about a possible breach had surfaced earlier this year, and inquiries were made to the company at the time, though no response was received then. Telus has now acknowledged the incident, stating that it is investigating what information may have been accessed and which customers could be affected.
In its official statement, the company said unauthorized access was identified in a limited number of systems. It added that immediate steps were taken to contain the activity and prevent further intrusion. Telus also stated that its operations remain fully functional, with no evidence of disruption to customer connectivity or services. The company confirmed that external cyber forensics specialists have been engaged and that law enforcement authorities are involved. It further noted that additional safeguards have been implemented and that affected customers will be notified where appropriate.
Sources indicated that the attackers attempted to extort the company, but Telus did not engage in communication with them.
Attack Method and Data Exposure Claims
After learning that the company was not negotiating, the attackers were contacted for further details regarding the incident.
According to their claims, the intrusion began with access to Google Cloud Platform credentials that were previously exposed in data linked to the Salesloft Drift breach. In that earlier incident, attackers extracted Salesforce data belonging to approximately 760 organizations, including customer support tickets. These records were then examined to locate credentials, authentication tokens, and other sensitive information, which could be reused to access additional systems.
The threat actors stated that they identified credentials associated with Telus within that dataset. These credentials allegedly enabled them to access multiple internal systems, including a large BigQuery data environment. After extracting initial data, they reportedly used the tool trufflehog to scan for further secrets, allowing them to expand their access into additional parts of the company’s infrastructure.
The group claims that the total amount of data taken is close to one petabyte, though this figure has not been independently verified. They also shared the names of 28 well-known companies that they allege were affected. However, these claims have not been confirmed, and the identities of those organizations remain undisclosed.
The data described by the attackers covers a wide range of business operations. This includes information related to customer support services, call center activities, agent performance metric
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: