- ShinyHunters denounces Telus Digital breach
- Attackers stole nearly a petabyte of data using GCP credentials
- Attempted extortion of 65 million dollars, the company investigates with the authorities
Telus Digital has confirmed that it suffered a cyber attack and lost confidential customer data, with the breach being claimed by the group known as ShinyHunters, which attempted to extort money from its victims.
The first rumors about the breach were heard in January 2026, according to beepcomputerbut the Canadian technology and outsourcing powerhouse did not respond to media inquiries, so no one knew for sure.
However, earlier this week, Telus told the publication that it was “investigating a cybersecurity incident involving unauthorized access to a limited number of systems.”
Article continues below.
The ghost of Salesloft Drift lingers
“All business operations within TELUS Digital remain fully operational and there is no evidence of disruption to connectivity or customer services. As part of our response, we have engaged leading cyber forensics experts to support our investigation and are working with authorities,” the company said.
“We have implemented additional security measures to further safeguard our systems and environment. As our investigation continues, we are notifying affected customers as appropriate. The security of our customers’ information remains our top priority.”
At the same time, bad actors told the publication that they found login credentials for Telus’ Google Cloud Platform during the Salesloft Drift breach. For those with shorter memory spans, the Salesloft Drift breach was a 2025 supply chain cyberattack in which hackers stole OAuth tokens from the Drift chatbot integration and used them to access customer data stored in Salesforce. The attackers obtained these tokens after compromising Salesloft’s GitHub environment and then used them to query and export sensitive data from hundreds of organizations.
Using GCP credentials, ShinyHunters accessed several systems, including a BigQuery instance that they downloaded, scanned for additional login credentials, and then moved laterally. In total, almost a petabyte of data was extracted.
ShinyHunters apparently asked Telus for $65 million in exchange for deleting the data, but the company is allegedly not communicating with the attackers.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
