On March 12, 2026, TELUS Corporation announced that it is investigating a cybersecurity incident that involved unauthorized access to a limited number of its systems. The breach, which began in August 2025, was detected during routine monitoring and is currently being examined by the company’s security teams in conjunction with leading cyber‑forensics experts and law enforcement.
The incident is estimated to have compromised up to 1 petabyte (1,000 terabytes) of data, including customer support records, call logs, voice recordings, financial information, FBI background checks, employee payroll data, and source code. The attackers are believed to have used Google Cloud Platform credentials that were obtained from a prior breach at Salesloft Drift, illustrating the risk of supply‑chain attacks on cloud‑based services.
ShinyHunters, the group identified as the threat actors, sent a ransom note to TELUS in February 2026 demanding $65 million in Bitcoin. TELUS has not yet disclosed whether the ransom was paid, but the company emphasized that it is taking the matter seriously and will provide further updates as the investigation proceeds.
TELUS Digital, the business process outsourcing arm that handles customer support, content moderation, and AI data services for global brands, stated: "TELUS Digital is investigating a cybersecurity incident involving unauthorized access to a limited number of our systems. Upon discovery, we took immediate steps to address the unauthorized activity and secure our systems against further intrusion. We are actively managing the situation and continue to monitor it closely."
The company also confirmed that all business operations within TELUS Digital remain fully operational and that there is no evidence of disruption to customer connectivity or services. "All business operations within TELUS Digital remain fully operational, and there is no evidence of disruption to customer connectivity or services," the company added. "As part of our response, we have engaged leading cyber forensics experts to support our investigation, and we are working with law enforcement. We have implemented additional security measures to further safeguard our systems and environment. As our investigation progresses, we are notifying any impacted customers, as appropriate. The security of our customers' information continues to be our highest priority."
The breach underscores the vulnerability of business process outsourcing providers, which often handle sensitive data for multiple clients. While TELUS has not yet reported any customer service disruptions, the scale of the data loss raises concerns about potential regulatory fines, reputational damage, and the need for enhanced security controls across its cloud‑based operations. The incident also highlights the importance of securing third‑party credentials and monitoring for supply‑chain threats in the increasingly interconnected digital ecosystem.
The content on EveryTicker is for informational purposes only and should not be construed as financial or investment advice. We are not financial advisors. Consult with a qualified professional before making any investment decisions. Any actions you take based on information from this site are solely at your own risk.