TELUS Digital breach - 1PB data theft

Company involved: TELUS (specifically its outsourcing arm TELUS Digital) announced 2025.03.12

What happened

• TELUS Digital confirmed a cybersecurity incident after hackers claimed they stole nearly 1 petabyte (≈1,000 TB) of data in a multi-month breach.

• The attack is attributed to the hacker group ShinyHunters, known for high-profile data breaches and extortion campaigns. 

What the attackers claim to have stolen

According to the hackers and samples shown to journalists, the stolen data may include:

• Customer support and BPO data

• Call records and recordings

• Personally identifiable information (PII)

• Internal source code

• Financial and operational data

• Background-check data

• Information related to multiple companies that used TELUS services

• Because TELUS Digital provides business process outsourcing (BPO) services, a breach could expose data from many client organizations.

Extortion attempt

• The attackers reportedly demanded about $65 million to prevent the stolen data from being leaked. 

Possible attack method

Reports suggest the attackers:

• Obtained Google Cloud Platform credentials from another breach

• Used them to access TELUS systems

• Then searched for additional credentials to expand access across the environment. 

TELUS response

• The company detected unauthorized access to a limited number of systems

• It is working with cybersecurity experts and law enforcement

• Customer services remain operational with no major disruption reported. 

Verification status

• The hackers’ claim of 1 PB of stolen data has not been independently verified.

• However, sample datasets shared with media appear to contain real internal and customer data.