Canadian business process outsourcing giant Telus Digital has acknowledged a significant security breach after threat actors claimed to have exfiltrated nearly one petabyte of sensitive data over several months.
The company, which serves as the digital services and BPO arm of telecommunications provider Telus, provides customer support, content moderation, AI data services, and other outsourced operations to businesses worldwide. This positioning makes BPO providers particularly attractive targets for cybercriminals seeking access to vast amounts of customer and corporate information through a single attack vector.
The breach was executed by a group known as ShinyHunters, who assert they obtained extensive customer data from Telus' BPO operations, along with call records from the parent company's consumer telecommunications division.
"TELUS Digital is investigating a cybersecurity incident involving unauthorized access to a limited number of our systems. Upon discovery, we took immediate steps to address the unauthorized activity and secure our systems against further intrusion," a Telus spokesperson told BleepingComputer.
The company emphasized that operations continue without disruption. "All business operations within TELUS Digital remain fully operational, and there is no evidence of disruption to customer connectivity or services," the spokesperson added.
Telus has mobilized significant resources to address the incident. "We have engaged leading cyber forensics experts to support our investigation, and we are working with law enforcement," the company stated. "We have implemented additional security measures to further safeguard our systems and environment."
The telecommunications giant stressed its commitment to affected parties: "As our investigation progresses, we are notifying any impacted customers, as appropriate. The security of our customers' information continues to be our highest priority."
According to ShinyHunters, the breach originated from credentials discovered during the Salesloft Drift security incident. In that previous attack, cybercriminals downloaded Salesforce data for 760 companies, including customer support tickets that were subsequently mined for authentication credentials and other sensitive information.
The hackers claim they found Google Cloud Platform credentials for Telus within the Drift data, which provided access to multiple company systems, including a substantial BigQuery instance. After extracting this initial data, the threat actors reportedly used the cybersecurity tool TruffleHog to locate additional credentials, enabling further system penetration and data theft.
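The exposure described above starts with cloud credentials sitting in support-ticket text. As an added example (not from the article, Telus, or any vendor), this Python code scans an exported set of tickets for Google Cloud service account keys and Google API keys and reports which key to rotate without echoing the secret; the ticket IDs, sample text and function names are constructed for illustration.

```python
import hashlib
import re

# Patterns for Google Cloud credential material pasted into free text.
SA_EMAIL = re.compile(r"[a-z0-9-]+@[a-z0-9-]+\.iam\.gserviceaccount\.com")
SA_KEY_ID = re.compile(r'"private_key_id"\s*:\s*"([0-9a-f]+)"')
PEM_HEADER = re.compile(r"-----BEGIN (?:RSA )?PRIVATE KEY-----")
API_KEY = re.compile(r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])")

def fingerprint(secret):
    """SHA-256 prefix: lets a finding be tracked without storing the secret."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]

def scan_ticket(ticket_id, text):
    """Return findings for one ticket; secrets themselves are never returned."""
    findings = []
    if PEM_HEADER.search(text):
        email = SA_EMAIL.search(text)
        key_id = SA_KEY_ID.search(text)
        findings.append({
            "ticket": ticket_id,
            "kind": "gcp_service_account_key",
            # Account and key ID identify exactly which key to disable.
            "account": email.group(0) if email else None,
            "key_id": key_id.group(1) if key_id else None,
        })
    for match in API_KEY.finditer(text):
        findings.append({
            "ticket": ticket_id,
            "kind": "google_api_key",
            "fingerprint": fingerprint(match.group(0)),
        })
    return findings

def scan_export(tickets):
    """Scan a {ticket_id: text} export and return all findings in order."""
    return [f for tid, text in tickets.items() for f in scan_ticket(tid, text)]

# Constructed sample export; none of these values are real credentials.
SAMPLE_TICKETS = {
    "T-1001": "Customer cannot log in after password reset. Escalated.",
    "T-1002": 'Pipeline fails, attaching key: {"type": "service_account", '
              '"private_key_id": "' + "ab" * 20 + '", "private_key": '
              '"-----BEGIN PRIVATE KEY-----\\nCONSTRUCTED\\n", "client_email": '
              '"etl-job@example-proj.iam.gserviceaccount.com"}',
    "T-1003": "Maps widget broken, we use key AIza" + "x" * 35 + " on the page.",
}

if __name__ == "__main__":
    for finding in scan_export(SAMPLE_TICKETS):
        print(finding)
```

Any hit means the key should be treated as compromised and rotated, since the ticket system and every integration that can read it have already seen the value.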
ShinyHunters provided the names of 28 well-known companies allegedly affected by the breach, though these identities remain unverified. The stolen information reportedly encompasses various BPO services including customer support operations, call center outsourcing, agent performance evaluations, AI-powered customer support tools, fraud detection systems, and content moderation solutions.
The hackers also claim to have obtained source code, FBI background checks, financial records, Salesforce data, and recorded support calls from various organizations. The breach allegedly extends to Telus' telecommunications services, though the full scope remains under investigation.
Sources indicate that ShinyHunters attempted to extort the company, but Telus chose not to engage with the threat actors. This decision appears to have led to the public disclosure of the breach claims.
As Telus Digital continues its forensic investigation with law enforcement and cybersecurity experts, affected customers await notification about potential data exposure. The incident highlights the inherent risks faced by BPO providers, who often serve as central repositories for sensitive customer information across multiple client organizations.

