Telus Digital data breach confirmed after ShinyHunters claims 1PB theft

Telus Digital is probing a confirmed breach as ShinyHunters  claims petabyte-scale data theft tied to compromised cloud credentials.

Telus Digital confirms breach and launches investigation

Telus Digital says it is investigating a cybercrime involving unauthorized access to a limited number of systems after a threat actor claimed it stole nearly 1 petabyte of data.

The company said operations remain fully functional and it has brought in external forensics support and police, adding it will notify affected customers as the investigation progresses.

Why BPO breaches can ripple across multiple brands

As a business process outsourcing (BPO) vendor, Telus Digital supports customer service, content operations and AI-related workflows for external clients, a position that can aggregate sensitive data in one place.

That concentration is why BPO incidents often run a “blast radius” risk. A single compromise can expose customer support artifacts, internal tooling clues and downstream authentication pathways of multiple organizations.

ShinyHunters points to cloud credentials

ShinyHunters claims it gained access using Google Cloud credentials found in data leaked from the Salesloft Drift ecosystem, then pivoted into additional environments after finding more secrets.

Google’s threat intelligence reporting has already warned that Drift/Salesloft-related compromises can enable follow-on intrusions when stolen tokens, credentials or support-case data are reused across platforms.

What data may be exposed and what customers should verify

The attackers allege the haul includes client BPO datasets, such as support operations, moderation workflows, and performance metrics, as well as source codes, financial information, FBI background checks, call records and recordings tied to telecom services. These claims are not yet independently verified.

For affected customers, the immediate hygiene checklist is familiar:

• Rotate cloud and SaaS secrets
• Review BigQuery/Cloud audit logs
• Validate SSO session integrity
• Hunt for “credential-in-data” exposure patterns ShinyHunters is known to exploit