
- ShinyHunters claim Telus Digital breach
- Attackers stole nearly a petabyte of data via GCP credentials
- Extortion attempt for $65M, company investigating with law enforcement
Telus Digital has confirmed that it suffered a cyberattack and lost sensitive customer data. The breach was claimed by the group known as ShinyHunters, which tried to extort its victim for money.
First whispers of the breach were heard in January 2026, according to BleepingComputer, but the Canadian technology and outsourcing powerhouse did not respond to media inquiries, so no one knew for certain.
However, earlier this week, Telus told the publication that it was “investigating a cybersecurity incident involving unauthorized access to a limited number of systems”.
The ghost of Salesloft Drift lingers
“All business operations within TELUS Digital remain fully operational, and there is no evidence of disruption to customer connectivity or services. As part of our response, we have engaged leading cyber forensics experts to support our investigation, and we are working with law enforcement,” the company said.
“We have implemented additional security measures to further safeguard our systems and environment. As our investigation progresses, we are notifying any impacted customers, as appropriate. The security of our customers' information continues to be our highest priority.”
At the same time, the miscreants told the publication that they found login credentials for Telus’ Google Cloud Platform during the Salesloft Drift breach. For those with shorter memory spans, the Salesloft Drift breach was a 2025 supply-chain cyberattack in which hackers stole OAuth tokens from the Drift chatbot integration and used them to access customer data stored in Salesforce. The attackers obtained these tokens after compromising Salesloft’s GitHub environment and later used them to query and export sensitive data from hundreds of organizations.
Using the GCP credentials, ShinyHunters accessed multiple systems, including a BigQuery instance, which they downloaded and scanned for additional login credentials before moving laterally. In total, almost a petabyte of data was pulled.
ShinyHunters apparently asked Telus for $65 million in exchange for deleting the data, but the company is allegedly not communicating with the attackers.