The Canadian business-process outsourcer, which counts many major businesses among its customers, still isn’t sure what the hackers stole.
Telus Digital, a major Canadian process outsourcing and digital services provider, has confirmed a cybersecurity breach that may have exposed sensitive data belonging to its enterprise customers. The incident highlights growing concerns around data security in industries such as telecommunications, financial services, healthcare, and media, where large-scale customer data processing is central to operations.
The company stated that while business operations remain fully functional and there has been no disruption to customer service or connectivity, an investigation is ongoing to determine the scope and nature of the compromised data. Telus Digital has implemented additional security measures and is working with cybersecurity experts and law enforcement agencies to assess the impact and strengthen its defenses.
Telus Digital, a subsidiary of Vancouver-based Telus Corporation, plays a critical role in delivering customer experience solutions, including call center operations, AI-powered chatbots, fraud prevention systems, and data-driven customer engagement tools. Given the scale of its services, any breach involving its infrastructure has the potential to impact multiple global enterprises and millions of end users.
The ShinyHunters cybercrime group has claimed responsibility for the attack, alleging that it exfiltrated approximately one petabyte of data. According to reports, the stolen data includes personally identifiable information (PII), call center recordings, and sensitive business data linked to at least two dozen enterprise clients. Samples shared with cybersecurity researchers appear to validate portions of these claims.
Further details suggest that the attackers may have gained access by leveraging compromised Google Cloud Platform credentials, which were reportedly obtained from a previous breach involving Salesloft in 2025. This highlights a critical risk in modern cloud ecosystems, where credential reuse and third-party data exposure can create cascading security vulnerabilities across interconnected systems.
Despite the severity of the breach, Telus Digital emphasized that the incident is contained within its specific business unit and does not appear to have affected other divisions of Telus Corporation, including its telecommunications, wireless, healthcare technology, or precision agriculture operations. However, some reports indicate that the compromised dataset may include sensitive materials such as source code and background check information, raising concerns about broader exposure.
This incident underscores the increasing sophistication of cybercriminal groups and the growing importance of securing cloud-based infrastructure, identity credentials, and third-party integrations. As organizations continue to adopt AI-driven platforms and digital customer experience technologies, ensuring robust cybersecurity frameworks becomes essential to protect sensitive data and maintain operational trust.
Telus Digital has stated that it will notify affected customers as more information becomes available. The breach serves as a reminder for enterprises to reassess their cybersecurity strategies, particularly around cloud access management, data protection, and incident response readiness in an evolving threat landscape.
Recommended Cyber News :
- What Is SIEM (Security Information and Event Management)?
- Improving Risk Management with AI and Machine Learning Strategies
- The Salesloft Drift Breach: What Really Happened and How Salesforce Data Was Exposed
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
