- ShinyHunters Claims Telus Digital Infringement
- Attackers stole nearly a petabyte of data via GCP credentials
- $65 million extortion attempt, company investigating law enforcement
Telus Digital has confirmed it suffered a cyberattack and lost sensitive customer data, with the breach claimed by the group known as ShinyHunters, who attempted to extort money from its victims.
The first whispers of violation were heard in January 2026, according to BeepComputerbut the Canadian technology and outsourcing powerhouse did not respond to media inquiries, so no one knew for sure.
However, earlier this week, Telus told the publication that it was “investigating a cybersecurity incident involving unauthorized access to a limited number of systems.”
Article continues below
The ghost of Salesloft Drift lingers
“All TELUS Digital business operations remain fully operational, and there is no evidence of disruption to customer connectivity or services. As part of our response, we have engaged leading cybercrime experts to support our investigation, and we are working with law enforcement,” the company said.
“We have implemented additional security measures to further protect our systems and environment. As our investigation progresses, we are notifying all affected customers as appropriate. The security of our customers’ information continues to be our top priority.”
At the same time, the miscreants told the publication that they found the login credentials for Telus’ Google Cloud platform during the Salesloft Drift breach. For those with shorter memories, the Salesloft Drift breach was a 2025 supply chain cyberattack in which hackers stole OAuth tokens from the Drift chatbot integration and used them to access customer data stored in Salesforce. The attackers obtained these tokens after compromising Salesloft’s GitHub environment and then used them to query and export sensitive data from hundreds of organizations.
Using GCP credentials, ShinyHunters accessed multiple systems, including a BigQuery instance that they downloaded, searched for additional login information, and then moved laterally. In total, almost a petabyte of data was extracted.
ShinyHunters reportedly demanded $65 million from Telus in exchange for deleting the data, but the company reportedly did not communicate with the attackers.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
