Telus Digital confirms breach - hackers allegedly stole 'almost 1 petabyte of data'

News
By published

ShinyHunters take the blame

Malware attack virus alert , malicious software infection , cyber security awareness training to protect business
(Image credit: Shutterstock)
  • ShinyHunters claim Telus Digital breach
  • Attackers stole nearly a petabyte of data via GCP credentials
  • Extortion attempt for $65M, company investigating with law enforcement

Telus Digital has confirmed suffering a cyberattack and losing sensitive customer data, with the breach claimed by the group known as ShinyHunters, who tried extorting their victims for money.

First whispers of the breach were heard in January 2026, according to BleepingComputer, but the Canadian technology and outsourcing powerhouse did not respond to media inquiries so no one knew for certain.

However, earlier this week, Telus told the publication that it was “investigating a cybersecurity incident involving unauthorized access to a limited number of systems”.

Article continues below

The ghost of Salesloft Drift lingers

"All business operations within TELUS Digital remain fully operational, and there is no evidence of disruption to customer connectivity or services. As part of our response, we have engaged leading cyber forensics experts to support our investigation, and we are working with law enforcement,” the company said.

"We have implemented additional security measures to further safeguard our systems and environment. As our investigation progresses, we are notifying any impacted customers, as appropriate. The security of our customers' information continues to be our highest priority."

At the same time, the miscreants told the publication that they found login credentials for Telus’ Google Cloud Platform during the Salesloft Drift breach. For those with shorter memory spans, the Salesloft Drift breach was a 2025 supply-chain cyberattack in which hackers stole OAuth tokens from the Drift chatbot integration and used them to access customer data stored in Salesforce. The attackers obtained these tokens after compromising Salesloft’s GitHub environment and later used them to query and export sensitive data from hundreds of organizations.

Using the GCP credentials, ShinyHunters accessed multiple systems, including a BigQuery instance which they downloaded, scanned for additional login credentials, then moved laterally. In total, almost a petabyte of data was pulled.

ShinyHunters apparently asked Telus for $65 million in exchange for deleting the data, but the company allegedly is not communicating with the attackers.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.