Telus Digital Confirms Major Data Breach After Hacker Claims

Summary
– Telus Digital, the BPO arm of Canadian telecom Telus, confirmed a security breach after threat actors claimed to have stolen nearly 1 petabyte of data.
– The breach was carried out by the prolific extortion gang ShinyHunters, who claim to have accessed systems using credentials found in data from a prior breach of Salesloft Drift.
– The stolen data allegedly includes a wide range of sensitive information from Telus and its BPO clients, such as customer support records, call data, source code, and financial details.
– Telus stated it has secured its systems, engaged forensic experts and law enforcement, and is notifying impacted customers, but has not negotiated with the threat actors.
– ShinyHunters is a major threat actor known for stealing data from cloud services and has recently employed sophisticated voice phishing (vishing) attacks to hijack single sign-on accounts.
A significant security incident has been confirmed by Telus Digital, the business process outsourcing (BPO) division of the Canadian telecommunications firm Telus. The company acknowledged the breach after a threat actor known as ShinyHunters claimed responsibility for stealing an immense volume of data, reportedly close to one petabyte, over a period of several months. BPO providers are particularly attractive targets for cybercriminals because they handle sensitive customer support, billing, and authentication services for numerous global companies, so a single intrusion can expose a vast trove of corporate and consumer information.
The breach reportedly impacted both Telus Digital’s BPO operations and the company’s own consumer telecommunications services. According to statements from the hackers, the stolen information includes a wide array of data, from customer support records and call center details to source code, financial documents, and even FBI background checks. The threat actors allege they accessed systems using credentials found in data stolen from a previous breach at Salesloft Drift, demonstrating how one compromised platform can lead to further intrusions elsewhere.
Telus stated that upon discovering the unauthorized activity, it took immediate steps to secure its systems. The company has engaged cybersecurity forensics experts and is cooperating with law enforcement. All business operations within Telus Digital remain fully functional, with no evidence of disruption to customer services. The organization emphasized that notifying impacted customers is a priority as the investigation determines the full scope of the incident.
ShinyHunters told media outlets that they began extorting Telus in February, demanding a multi-million dollar ransom. The company has not engaged in negotiations with the hackers. The group claims that credentials discovered in the Salesloft Drift data gave them initial access to Telus systems via Google Cloud Platform. From there, they allegedly used security scanning tools to find additional credentials, which let them move laterally through the network and exfiltrate massive datasets belonging to Telus and its many clients.
While the hackers provided a list of prominent companies allegedly affected, these names have not been independently verified. The types of data exposed appear to vary significantly between clients but are said to encompass BPO-related services like agent performance ratings, AI support tools, fraud detection systems, and content moderation solutions. For Telus’s own telecom services, the breach reportedly includes detailed call records, voice recordings, and marketing campaign data.
The ShinyHunters group has emerged as one of the most prolific threat actors this year, linked to numerous high-profile data theft attacks. Their primary focus involves stealing data from cloud and SaaS environments like Salesforce. Beyond data theft, the group has recently engaged in sophisticated voice phishing, or vishing, campaigns. In these attacks, they impersonate IT support staff to trick employees into surrendering login credentials and multi-factor authentication codes, which are then used to hijack single sign-on accounts and breach connected enterprise platforms.
(Source: Bleeping Computer)