Telus Digital Investigates Cyberattack on Limited Systems Telus Corp.’s global IT and customer services division, Telus Digital, is probing a cyberattack that resulted in unauthorized access to a "limited number" of its systems. The company confirmed the breach and stated that immediate measures were taken to contain the intrusion. According to spokesperson Richard Gilhooley, Telus Digital’s operations remain fully functional, with no evidence of disruption to customer connectivity or services. The company will notify affected customers as the investigation progresses. Cyber forensics experts and law enforcement are assisting in the probe. The incident follows Telus’s recent acquisition of the remaining shares of Telus Digital in September 2023 for US$539 million a reversal of its 2021 decision to spin off the business. The attack underscores ongoing cybersecurity risks for major telecommunications providers.

Telus Digital Confirms Major Data Breach After ShinyHunters Claims 1 Petabyte Theft Canadian business process outsourcing (BPO) provider Telus Digital has confirmed a security incident after the threat group ShinyHunters claimed to have stolen nearly 1 petabyte of data in a prolonged breach. Telus Digital, a subsidiary of telecom giant Telus, offers customer support, AI data services, content moderation, and other outsourced operations to global clients, making it a prime target for attackers seeking broad access to corporate and customer data. The breach was first reported in January, when BleepingComputer contacted Telus but received no response. On June 10, Telus acknowledged the incident, stating it had detected unauthorized access to a limited number of systems and had taken immediate steps to secure them. The company confirmed that business operations remain unaffected, with no disruption to customer connectivity or services. Telus has engaged cybersecurity forensics experts and is collaborating with law enforcement while notifying impacted customers as the investigation progresses. ShinyHunters, a prolific extortion group, claims the breach began after obtaining Google Cloud Platform credentials from data stolen in the 2023 Salesloft Drift breach. That incident involved the theft of Salesforce data from 760 companies, including support tickets containing credentials later exploited to infiltrate additional platforms. Using these credentials, ShinyHunters accessed Telus systems, including a BigQuery instance, and used tools like TruffleHog to extract further credentials, enabling deeper access. The stolen data allegedly includes: - BPO-related records (customer support logs, agent performance metrics, AI tools, fraud detection systems, and content moderation data) - Source code, FBI background checks, financial information, and Salesforce data - Voice recordings of support calls for multiple companies - Telus consumer telecom data, including call records (timestamps, durations, phone numbers, and metadata) ShinyHunters shared a list of 28 well-known companies allegedly impacted, though these claims remain unverified. The group attempted to extort Telus in February, demanding $65 million to prevent data leaks, but the company did not engage. ShinyHunters has been linked to numerous high-profile breaches, including Google, Cisco, PornHub, and Match Group, often targeting Salesforce and cloud SaaS environments. The group has also conducted voice phishing (vishing) attacks, tricking employees into revealing credentials and MFA codes to hijack SSO accounts for platforms like Microsoft 365, Google Workspace, and Slack. Recent tactics include device code vishing to obtain Microsoft Entra authentication tokens.

Crunchyroll Investigates Alleged Data Breach Impacting 6.8 Million Users Earlier this week, reports emerged that threat actors had stolen data belonging to approximately 6.8 million Crunchyroll users nearly half of the company’s 15 million global user base. The claims surfaced after a hacker contacted BleepingComputer last week, prompting Crunchyroll to launch an investigation into the alleged breach. In a statement, Crunchyroll confirmed it was working with cybersecurity experts to assess the incident. The company later clarified that the exposed data primarily involved customer service ticket information linked to a third-party vendor. While no evidence of ongoing unauthorized access was found, the investigation remains active. According to the threat actors, the breach occurred after they compromised the Okta single sign-on (SSO) account of a Crunchyroll support agent employed by Telus International, a business process outsourcing firm with access to Crunchyroll’s support tickets. The attackers claimed to have deployed malware on the agent’s device, stealing credentials that granted access to multiple platforms, including Google Workspace Mail, Jiro Service Management, Slack, Mixpanel, MaestroQA, Wizer, and Zendesk. Using Zendesk access, the hackers reportedly downloaded 8 million support tickets, which contained 6.8 million unique email addresses, along with usernames, login names, geographic locations, IP addresses, and ticket contents. While some reports suggested credit card exposure, the leaked financial data was limited primarily partial card details (expiration dates and last four digits), with only a small number of full card numbers included. All affected tickets were linked to Telus, supporting the attackers’ claims. The threat actors stated their access was revoked after 24 hours, meaning the stolen data is current up to mid-2025. They also claimed to have sent a $5 million extortion demand to Crunchyroll, though the company has not responded. The breach appears unrelated to a recent alleged attack on Telus Digital by the hacking group ShinyHunters, and the identity of the Crunchyroll attackers remains unknown.

ShinyHunters Claims Massive Breach of Telus Digital, Exposing Customer Data Hackers breached Telus Digital, a Canadian process-outsourcing subsidiary of Telus Corporation, potentially accessing sensitive data from major clients in telecommunications, financial services, healthcare, and media. The company confirmed the incident late last week, stating that business operations remain unaffected and no service disruptions have been reported. Additional security measures have since been implemented. While Telus Digital has not disclosed the full scope of compromised data, the ShinyHunters cybercrime group claimed responsibility, alleging the theft of 1 petabyte of data. Samples shared with Reuters and BleepingComputer included personally identifiable information (PII) and call-center recordings from at least two dozen business customers. The hackers reportedly gained access using Google Cloud Platform credentials stolen from a 2025 Salesloft breach, demonstrating the lingering risks of past cyberattacks. Telus Digital maintains that the breach did not extend to other Telus Corporation divisions, such as its wireless, broadband, or health-technology units. However, Reuters reported that the stolen data may include FBI background check information and source code from multiple business lines. The company is collaborating with law enforcement and cybersecurity experts to investigate and will notify affected customers. If confirmed, this incident would be the latest in a series of high-profile attacks by ShinyHunters, a group active since 2020. Recent targets include Panera Bread, Wynn Resorts, and Odido, with stolen data often leaked on the dark web. The breach underscores how past cyber incidents can fuel future attacks through compromised credentials.