Canadian telecommunications giant Telus has confirmed it is investigating a major cybersecurity breach after the notorious ShinyHunters hacking group claimed to have stolen nearly 1 petabyte of data — equivalent to one million gigabytes — from the company's systems in a multi-month attack that has now escalated into a $65 million ransom demand.
A spokesperson for Telus Digital — the digital services and business process outsourcing arm of Telus Corporation — confirmed the breach to Reuters, Bloomberg, and BleepingComputer on Thursday, March 12, 2026, saying the company had discovered "unauthorized access to a limited number of our systems" and had immediately taken steps to contain the damage.
The spokesperson said: "TELUS Digital is investigating a cybersecurity incident involving unauthorized access to a limited number of our systems. Upon discovery, we took immediate steps to address the unauthorized activity and secure our systems against further intrusion. We are actively managing the situation and continue to monitor it closely. All business operations within TELUS Digital remain fully operational, and there is no evidence of disruption to customer connectivity or services."
The statement confirmed that Telus has engaged leading cyber forensics experts, is working with law enforcement, and is notifying impacted customers. However, the company's statement did not address what kind of data was stolen, how much data was taken, or how many customers and companies may have been affected — leaving millions of people across Canada and beyond in the dark about whether their personal information has been compromised.
Who Are ShinyHunters — The Gang Behind The Attack?
ShinyHunters is one of the most prolific and dangerous cybercriminal hacking groups operating in the world today. The group — whose name is a reference to rare Pokémon characters — has been responsible for a string of high-profile data breaches targeting major corporations, telecommunications companies, and technology platforms across North America, Europe, and Asia.
In recent months alone, ShinyHunters has been linked to breaches targeting Dutch telecom Odido — where they exposed personal information from more than six million accounts — as well as Wynn Resorts, PornHub, Salesforce, and dozens of other companies. The group has become particularly notorious for using voice phishing attacks to hijack single sign-on accounts for enterprise platforms like Okta and Slack — giving them deep, persistent access to corporate systems before their victims even realise they have been compromised.
ShinyHunters told Reuters directly, in a message sent on Thursday, that they had stolen at least 700 terabytes of data from Telus — while telling BleepingComputer they believed the total stolen was closer to 1 petabyte, or nearly 1,000 terabytes. BleepingComputer said it could not independently confirm the total size of the stolen data, but noted that samples of the data shared by ShinyHunters with the publication appeared genuine and contained sensitive information related to at least two dozen major companies that used Telus Digital as their outsourced service provider.
How The Hack Happened — Google Cloud Credentials Were The Entry Point
According to BleepingComputer's investigation, ShinyHunters did not breach Telus directly through a frontal attack on the company's own defences. Instead, they got in through a back door — exploiting Google Cloud Platform credentials that had been stolen in a completely separate earlier breach of Salesloft Drift, a popular business communication and customer engagement platform used by thousands of companies worldwide.
After finding Telus's Google Cloud credentials buried inside the Drift data, ShinyHunters used the cybersecurity tool TruffleHog — a tool normally used by legitimate security professionals to scan code for accidentally exposed credentials — to search through the stolen data for additional login details and access tokens. This allowed them to pivot from one compromised system to the next, penetrating deeper and deeper into Telus's internal infrastructure over a period of several months without being detected.
The sheer scale of what ShinyHunters claims to have accessed is extraordinary. According to the group, the stolen data includes customer support records, voice recordings of customer calls, financial information, employee payroll data, proprietary source code, and — most alarmingly — FBI background check records related to individuals whose information passed through Telus Digital's systems.
ShinyHunters also told BleepingComputer that after downloading the data, they reached out to Telus in February 2026 and demanded a ransom of $65 million to keep the stolen information private and off the dark web. Telus refused to engage with the group. In response, ShinyHunters has now gone public — sharing data samples with journalists and threatening to publish everything unless the ransom is paid.
Why This Matters — Telus Digital Handles Data For Dozens Of Global Companies
The scale of the potential damage from this breach goes far beyond Telus itself. To understand why, it is important to understand what Telus Digital actually does.
Telus Digital is not just a phone company. It is one of Canada's largest business process outsourcing (BPO) providers — meaning it handles customer support, content moderation, AI data training services, billing operations, and internal authentication systems on behalf of dozens of major corporations around the world. When you call the customer service line of certain major international brands, there is a significant chance you are actually speaking to a Telus Digital agent — and that your name, phone number, account details, and conversation are being processed through Telus Digital's systems.
This is precisely what makes BPO providers such attractive targets for criminal hackers. By breaching a single BPO provider, a threat actor can potentially access the customer data of dozens of major companies simultaneously — a far more efficient and lucrative attack than trying to breach each company individually. ShinyHunters told BleepingComputer they have data related to at least 28 well-known companies whose customer information flowed through Telus Digital's systems — though BleepingComputer declined to name those companies, saying it had been unable to independently verify which ones were affected.
Samples of the data shared by ShinyHunters with Reuters confirmed the stolen files include personally identifiable information, call data and recordings — the kind of sensitive material that can be used for identity theft, financial fraud, targeted phishing attacks, and corporate espionage.
This Is Not Telus's First Breach
For Telus, Thursday's confirmation is the second major cybersecurity incident in recent years. In 2023, a separate breach affected Telus International's AI recruitment platform, compromising the personal information of approximately 680,000 people worldwide — including 13,622 South Korean nationals. That breach resulted in regulatory fines and significant reputational damage. Hackers in that 2023 incident exploited unpatched security vulnerabilities that allowed general users to escalate their access privileges to administrator level.
The fact that Telus is now facing a second, far larger breach — apparently carried out over multiple months without detection — raises serious questions about whether the company fully addressed the systemic security weaknesses exposed in 2023, and whether its cybersecurity investments have kept pace with the rapidly evolving threat landscape.
Telus CEO Darren Entwistle had, as recently as the company's last earnings call, spoken enthusiastically about integrating Telus Digital's AI and data capabilities across the entire Telus business portfolio — describing it as "enabling strategic cross-promotion" throughout the company. Those same AI and data systems now appear to be at the heart of the breach.
What Should Telus Customers Do Now?
Telus has said it is "notifying impacted customers, as appropriate" — but has not specified a timeline for those notifications or explained exactly what information may have been compromised. Cybersecurity experts strongly advise anyone who has had dealings with Telus or any company that uses Telus Digital as a service provider to take immediate precautionary steps.
These include changing passwords on all accounts — particularly those linked to email addresses, phone numbers, or financial accounts connected to any service that may use Telus Digital for customer support. Customers are also advised to enable two-factor authentication on all important accounts, monitor bank statements and credit reports for any unusual activity, and be alert to phishing emails or phone calls from people claiming to represent companies whose data may have been stolen.
The involvement of FBI background check records in the stolen data is particularly alarming, as it suggests the breach may affect individuals who have undergone background checks for employment or security clearance purposes — potentially exposing highly sensitive personal history information to criminal actors.
In Pidgin: Hackers Don Steal Massive Data From Canadian Telecom Giant Telus
Canadian big telecom company Telus don confirm say hackers don break enter their system and steal massive amount of sensitive data. The hacking group wey dem call ShinyHunters tell Reuters say dem don steal at least 700 terabytes of data — while dem tell another tech website say the real amount fit reach 1 petabyte, wey be like one million gigabytes of information.
The hackers say dem get into Telus system through credentials wey dem steal from another company first — then dem use that to enter deeper and deeper into Telus systems for several months without anybody know. The data wey dem claim to steal include customer names and details, voice recordings of phone calls, employee salary information, company source code, and even FBI background check records.
ShinyHunters then tell Telus say make dem pay $65 million ransom or dem go release everything to the internet. But Telus refuse to negotiate with the group — and now the hackers don begin share samples of the stolen data with journalists to show say the breach na real.
The big problem na say Telus Digital dey handle customer service and data for more than 28 major companies around the world — meaning this breach fit affect the customers of many different businesses, not just Telus itself. Cybersecurity experts dey advise people to change their passwords and monitor their bank accounts for any suspicious activity.
Sources: Reuters, Bloomberg, BleepingComputer, Globe and Mail, CTV News — March 12, 2026