- ShinyHunters claims Telus Digital breach
- Attackers stole nearly a petabyte of data via GCP credentials
- $65 million extortion attempt, company investigating with law enforcement
Telus Digital has confirmed it suffered a cyber attack and lost sensitive customer data, with the breach claimed by the group known as ShinyHunters, who tried to blackmail their victims for money.
First whispers of the breakup were heard in January 2026, according to Bleeping Computerbut the Canadian technology and outsourcing powerhouse did not respond to media inquiries, so no one knew for sure.
But earlier this week, Telus told the publication that it was “investigating a cybersecurity incident involving unauthorized access to a limited number of systems.”
The article continues below
The ghost of Salesloft Drift lingers
“All business activities within TELUS Digital remain fully operational and there is no evidence of disruption to customer connectivity or services. As part of our response, we have engaged leading cyber forensics experts to support our investigation and are working with law enforcement,” the company said.
“We have implemented additional security measures to further protect our systems and environment. As our investigation progresses, we will notify all affected customers as appropriate. The security of our customers’ information remains our highest priority.”
At the same time, the criminals told the publication that they found login information for Telus’ Google Cloud Platform during the Salesloft Drift breach. For those with shorter memory spans, the Salesloft Drift breach was a supply chain cyberattack in 2025 where hackers stole OAuth tokens from the Drift chatbot integration and used them to access customer data stored in Salesforce. The attackers obtained these tokens after compromising Salesloft’s GitHub environment and later used them to query and export sensitive data from hundreds of organizations.
Using the GCP credentials, ShinyHunters gained access to multiple systems, including a BigQuery instance, which they downloaded, scanned for additional login information, and then moved to the site. In total, almost a petabyte of data was extracted.
ShinyHunters apparently asked Telus for $65 million in exchange for deleting the data, but the company is reportedly not communicating with the attackers.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
