Telus Digital Hit by Major Cyberattack as ShinyHunters Claims Massive Data Theft

Telus Digital, a company that offers business process outsourcing (BPO) services to organizations around the world, recently suffered a major cyberattack carried out by the extortion group ShinyHunters.

ShinyHunters has been active since 2020 and is known for stealing data from platforms such as Salesforce and other software-as-a-service (SaaS) providers. Recently, the group has also been using voice phishing (vishing) tactics. In these attacks, the hackers pretend to be IT staff and trick employees into entering their login details on fake websites designed to capture their credentials.

In a statement shared with CSO on Thursday, Telus Digital confirmed that it is currently investigating a cybersecurity incident involving unauthorized access to a small portion of its internal systems. The company said it responded immediately after detecting the issue, taking steps to stop the suspicious activity and strengthen system protections to prevent further access. It also stated that the situation is being actively handled and closely monitored.

The company emphasized that all Telus Digital business operations are still running normally. According to the statement, there is no indication that customer services or connectivity have been affected. Telus Digital also said it has brought in cybersecurity forensic specialists to assist with the investigation and is cooperating with law enforcement authorities.

Additionally, the company reported that it has introduced extra security controls to better protect its systems and digital environment. As the investigation continues, Telus Digital said it will notify any customers who may have been impacted. The company stressed that protecting customer data remains its top priority.

However, one report claims that ShinyHunters says it stole more than one petabyte of data from Telus Digital and its clients. Many of those clients rely on the company’s BPO services to manage customer support operations. When asked to verify this claim, a Telus spokesperson declined to comment.


Attackers are becoming better at gaining trust

According to Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group, the incident does not appear to be a traditional perimeter security failure. He explained that when breaches of this scale happen, people usually assume a vulnerability was exploited or malware bypassed defenses.

However, Jean-Louis noted that the details of the Telus Digital breach suggest a different scenario. He explained that modern attackers often do not need to break into systems if they can appear legitimate. Signs such as long attacker presence within the network, very large data transfers, and delayed detection often indicate that the attackers used valid credentials or trusted access, rather than exploiting technical vulnerabilities.

In other words, the systems may have trusted the attacker as a legitimate user. Based on available information, the incident fits a growing trend of data-theft-focused attacks where attackers gain access and quietly extract information instead of immediately deploying ransomware.


Key security priorities for organizations

Jean-Louis said this event highlights several important security priorities for organizations:

  • Treat identity as the new security perimeter. If user credentials are compromised, attackers can potentially access everything connected to that account.
  • Implement multi-factor authentication (MFA) everywhere, especially for administrators and third-party access.
  • Monitor data activity closely, including when data is accessed, combined, or transferred.
  • Set alerts for unusual bulk access patterns, not just large downloads, and define normal data movement limits based on user roles.

He also warned that flat network structures make large breaches easier. Once attackers gain a foothold, they can move laterally across the network, increasing the scale of the attack.

For chief security officers (CSOs), Jean-Louis recommends strong network segmentation, isolating sensitive data from general access areas, and investing in behavioral analytics and threat-hunting tools. Security teams should focus on detecting subtle patterns and anomalies over weeks, not only sudden spikes in activity.
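The role-based limits and weeks-long view recommended above can be expressed as a small detection pass over data-access logs. This is an added example, not code from Telus Digital or Info-Tech; the role names, limits, 21-day window and log rows are constructed assumptions.

```python
from collections import defaultdict, deque

# Hypothetical per-role limits (assumptions; derive real ones from your own baseline):
# records touched per day, bytes per day, bytes per rolling window.
ROLE_LIMITS = {
    "support_agent": {"records_day": 500, "bytes_day": 50_000_000, "bytes_window": 400_000_000},
    "data_engineer": {"records_day": 200_000, "bytes_day": 20_000_000_000, "bytes_window": 200_000_000_000},
}
WINDOW_DAYS = 21  # look across weeks, not only at single-day spikes

def detect(events, limits=ROLE_LIMITS, window_days=WINDOW_DAYS):
    """events: iterable of (day, user, role, records, bytes_out).
    Returns a list of (day, user, reason) alerts in day order."""
    daily, roles = defaultdict(lambda: [0, 0]), {}
    for day, user, role, records, nbytes in events:
        daily[(day, user)][0] += records
        daily[(day, user)][1] += nbytes
        roles[user] = role
    alerts, windows, flagged_slow = [], defaultdict(deque), set()
    for (day, user), (records, nbytes) in sorted(daily.items()):
        lim = limits.get(roles[user])
        if lim is None:  # an account with no defined role has no defined "normal"
            alerts.append((day, user, "unknown_role"))
            continue
        if records > lim["records_day"]:  # bulk access, even when few bytes move
            alerts.append((day, user, "bulk_record_access"))
        if nbytes > lim["bytes_day"]:  # classic large-download spike
            alerts.append((day, user, "daily_volume"))
        win = windows[user]
        win.append((day, nbytes))
        while win and win[0][0] <= day - window_days:  # drop days outside the window
            win.popleft()
        if sum(b for _, b in win) > lim["bytes_window"] and user not in flagged_slow:
            alerts.append((day, user, "slow_cumulative_volume"))
            flagged_slow.add(user)  # alert once per user for the slow pattern
    return alerts

def sample_events():
    # Constructed log rows: alice is normal, bob stays under every daily limit
    # but pulls 40 MB every day, carol touches 5000 small records in one day.
    ev = []
    for day in range(1, 31):
        ev.append((day, "alice", "support_agent", 100, 5_000_000))
        ev.append((day, "bob", "support_agent", 300, 40_000_000))
    ev.append((5, "carol", "support_agent", 5000, 2_000_000))
    return ev
```

On the constructed rows, carol is flagged on day 5 for record count alone and bob on day 11 for cumulative volume, although neither ever exceeds the daily byte limit.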


Organizations must prepare for data theft

Another key lesson from this incident, Jean-Louis said, is that companies should plan for data-theft scenarios, not only ransomware attacks. Many incident response plans still assume that the main impact of an attack will be data encryption, while attackers increasingly focus on quietly stealing large volumes of information.

He concluded that the biggest challenge today is not that attackers are getting better at forcing their way into systems, but that they are becoming more successful at appearing trustworthy. Organizations that rely mainly on perimeter defenses and malware detection may continue to face risks from this evolving type of attack.