Telus Digital Confirms Data Breach Following 1 Petabyte Theft Claim by ShinyHunters
Telus Digital, the business process outsourcing (BPO) division of Canadian telecommunications giant Telus, confirmed a cybersecurity incident following claims of a massive data theft by the ShinyHunters threat group.
The breach, which reportedly spanned several months, became public after the attackers began extorting the company for $65 million. Telus describes the unauthorized access as limited to a small number of systems, but the threat actors claim to have stolen nearly one petabyte of data belonging to the company and its global corporate clients.
The attackers gained access by exploiting Google Cloud Platform (GCP) credentials discovered within data stolen during the previous Salesloft Drift breach. ShinyHunters scanned stolen support tickets for authentication tokens and secrets, which allowed them to break into a Telus BigQuery instance. Once inside, the group used the secret-scanning tool TruffleHog to find additional credentials, enabling them to pivot through the network and access multiple internal systems and databases.
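A defender-side check for the exposure path described above, as an added example that is not from Telus or the original article: it scans support-ticket text for well-known Google credential shapes and redacts them before the ticket is stored. The ticket IDs, sample bodies and function names are constructed for illustration, and the three patterns are a starting set rather than a complete rule set.

```python
import re

# Well-known credential shapes; a starting set, not a complete rule set.
PATTERNS = {
    # GCP service-account JSON keys embed a PEM private key in "private_key".
    "pem_private_key": re.compile(
        r"-----BEGIN PRIVATE KEY-----.*?-----END PRIVATE KEY-----", re.S),
    "google_api_key": re.compile(
        r"(?<![0-9A-Za-z_\-])AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])"),
    "google_oauth_access_token": re.compile(r"\bya29\.[0-9A-Za-z_\-]{20,}"),
}

# Constructed sample data (assumption): fake values with the right shape only.
FAKE_API_KEY = "AIza" + "X" * 35
FAKE_TOKEN = "ya29." + "a0" * 20
FAKE_PEM = "-----BEGIN PRIVATE KEY-----\\nNOT-A-REAL-KEY\\n-----END PRIVATE KEY-----"
SAMPLE_TICKETS = {
    "T-1001": 'Export fails. Key file: {"type": "service_account", '
              f'"private_key": "{FAKE_PEM}\\n"}}',
    "T-1002": f"curl with 'Authorization: Bearer {FAKE_TOKEN}' returns 403; "
              f"API key {FAKE_API_KEY} also fails",
    "T-1003": "Dashboard is slow since Monday, no credentials attached.",
}


def scan_ticket(ticket_id, body):
    """Redact credential-shaped strings; return (redacted_body, findings)."""
    findings = []
    for kind, rx in PATTERNS.items():
        def mask(match, kind=kind):
            # Record only metadata, never the secret value itself.
            findings.append({"ticket": ticket_id, "kind": kind,
                             "length": len(match.group(0))})
            return f"[REDACTED:{kind}]"
        body = rx.sub(mask, body)
    return body, findings


def scan_all(tickets):
    """Scan every ticket; return (redacted_tickets, combined_findings)."""
    clean, report = {}, []
    for ticket_id, body in tickets.items():
        clean[ticket_id], found = scan_ticket(ticket_id, body)
        report.extend(found)
    return clean, report


if __name__ == "__main__":
    redacted, report = scan_all(SAMPLE_TICKETS)
    for finding in report:
        print(finding)
    print(redacted["T-1002"])
```

Each finding marks a credential that has already left its owner's control, so it should be revoked and reissued; redaction only limits what a later theft of the ticket store can yield.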
The compromised data includes:
- Detailed call records including timestamps, duration, and phone numbers
- Voice recordings of customer support calls
- Internal source code and Salesforce data
- FBI background checks and financial information
- Agent performance ratings and content moderation records
- AI-powered customer support tools and fraud detection data
The number of affected individuals has not been disclosed. The threat actor claims the breach impacts 28 major companies. The group demanded a $65 million ransom, which Telus has reportedly refused to pay.
Telus Digital hired external cyber forensics experts to lead the investigation. The company is currently working with law enforcement and has begun notifying impacted customers as the investigation progresses. Despite the breach, Telus maintains that all business operations are fully functional and that there has been no disruption to customer connectivity or telecommunications services.