Telus Digital confirms security incident as ShinyHunters claims massive data theft


Telus Digital has confirmed a cybersecurity incident after threat actors claimed they stole a huge volume of company and customer data from the Canadian business process outsourcing provider. The company says the incident involved unauthorized access to a limited number of systems, that operations remain fully operational, and that it is working with cyber forensics experts and law enforcement.

The biggest unanswered question is the scale of the theft. BleepingComputer reported that ShinyHunters claimed to have stolen nearly 1 petabyte of data, while Reuters reported the gang claimed at least 700 terabytes. Telus itself has not confirmed any specific volume, and independent verification of the full data haul has not happened yet.

What Telus has confirmed is narrower, but important. The company says an unauthorized party accessed some of its systems, that there is no evidence of disruption to customer connectivity or services, and that it is notifying impacted customers as appropriate as the investigation continues.

That makes this a confirmed security incident with unconfirmed breach scope. The alleged data exposure could still prove serious because Telus Digital provides BPO services such as customer support, moderation, AI data services, and other outsourced operations for many outside companies. A breach at that kind of provider can affect multiple clients at once.

What Telus confirmed and what remains a claim

Item | Status
Unauthorized access to some Telus Digital systems | Confirmed by Telus
Customer services and operations disrupted | Telus says no evidence of disruption
Cyber forensics experts and law enforcement involved | Confirmed by Telus
Impacted customers may be notified | Confirmed by Telus
Nearly 1 petabyte stolen | Claimed by ShinyHunters, not confirmed by Telus
At least 700 terabytes stolen | Claimed by ShinyHunters to Reuters, not confirmed by Telus
Data from many client companies exposed | Claimed by attackers; some samples reviewed by reporters, but full scope remains unverified

What the hackers claim

According to BleepingComputer, the attackers say they breached Telus using Google Cloud Platform credentials found in data from the Salesloft Drift breach, then used those credentials to access internal systems including a large BigQuery environment. They also claimed they used TruffleHog to search the stolen data for more secrets and pivot deeper into Telus systems. BleepingComputer said it could not independently confirm the full size of the data theft or the impact on the named companies.

Reuters reported a similar but more cautious picture. It said samples shared by the gang appeared to include data tied to at least two dozen companies, including personally identifiable information, call data and recordings, FBI background check information, and source code. Reuters also said it had not verified the authenticity of the data.

That distinction matters. Right now, the strongest confirmed facts come from Telus’ own statement. The broader details about volume, exact method, and the full list of affected customers still come from the attacker or from media review of sample data.
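The entry point the attackers describe, cloud credentials sitting inside data held by a third-party service, is something a defender can check for in their own exports. The sketch below is an added example, not code from Telus, the reporting outlets, or TruffleHog: it finds Google Cloud service account key files pasted into free-text records and reports only the identifiers needed to revoke them. The record layout (`id`, `body`) and all sample values are constructed assumptions.

```python
import json
import re

# Constructed records standing in for a chat/CRM export (no real data).
SAMPLE_RECORDS = [
    {"id": "case-1001", "body": "Customer asked about invoice dates."},
    {"id": "case-1002", "body": 'Key for debugging: {"env": "prod", "creds": '
     '{"type": "service_account", "private_key_id": "0123abcd", '
     '"private_key": "CONSTRUCTED-NOT-A-KEY", '
     '"client_email": "etl@example-project.iam.gserviceaccount.com"}} thanks'},
    {"id": "case-1003", "body": 'Docs say set "type": "service_account" in {the key file}.'},
]

MARKER = re.compile(r'"type"\s*:\s*"service_account"')
REQUIRED = ("private_key_id", "private_key", "client_email")

def walk(value):
    """Yield every dict nested anywhere inside a parsed JSON value."""
    if isinstance(value, dict):
        yield value
        for child in value.values():
            yield from walk(child)
    elif isinstance(value, list):
        for child in value:
            yield from walk(child)

def embedded_objects(text):
    """Parse each JSON object embedded in free text; skip braces that are not JSON."""
    decoder, pos = json.JSONDecoder(), text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            pos = text.find("{", pos + 1)
            continue
        yield from walk(obj)
        pos = text.find("{", end)

def find_service_account_keys(records):
    """Return rotation targets; the private key itself is never copied out."""
    findings = []
    for rec in records:
        if not MARKER.search(rec["body"]):
            continue  # cheap pre-filter before parsing
        for obj in embedded_objects(rec["body"]):
            if obj.get("type") == "service_account" and all(k in obj for k in REQUIRED):
                findings.append({"record": rec["id"],
                                 "client_email": obj["client_email"],
                                 "private_key_id": obj["private_key_id"]})
    return findings
```

Each finding names the service account and key ID to revoke, and the record that should be purged from the export.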

Why this incident matters

  • Telus Digital handles outsourced business operations for many companies
  • A single compromise at a BPO provider can create downstream risk for multiple clients
  • The alleged data types go beyond simple contact records
  • Even without confirmed service disruption, the data risk may be significant

The reported data types make this incident especially serious. If even part of the attackers’ claims holds up, the breach could involve call metadata, voice recordings, source code, internal business records, and identity-related information. That would raise both privacy and supply-chain risks for client organizations that rely on Telus Digital for outsourced workflows. This is an inference based on the categories described in Reuters and BleepingComputer.

What customers and partners should watch for

  • Direct breach notifications from Telus Digital
  • Sudden password reset prompts or identity-verification emails
  • Unusual support activity involving customer service systems
  • Signs of exposed call data, voice recordings, or internal project files
  • Follow-on phishing attempts that use real company context

These warning signs follow from the type of services Telus Digital provides and the kinds of data reportedly included in the stolen samples.

FAQ

Did Telus Digital confirm a breach?

Telus Digital confirmed a cybersecurity incident involving unauthorized access to a limited number of systems. It has not publicly confirmed the full scope of data stolen.

Did Telus confirm that 1 petabyte was stolen?

No. That figure comes from the threat actor claim cited by BleepingComputer. Reuters separately reported that the gang claimed at least 700 terabytes. Telus did not confirm either number.

Who is behind the attack?

Both Reuters and BleepingComputer attributed the claims to ShinyHunters, a known extortion and data-theft group.

Were Telus services disrupted?

Telus said all business operations within Telus Digital remain fully operational and that it has no evidence of disruption to customer connectivity or services.
