Cyber Incident Victim: TELUS
Date: Feb 2023
Location: Canada
Summary
A telecommunications company investigated a potential breach after a threat actor leaked samples of internal employee data, including names and email addresses, and later advertised private source code repositories, payroll records, and sensitive credentials such as AWS keys. The actor claimed possession of 76,000 employee emails and data scraped from internal APIs, along with a repository containing a "sim-swap-api" that could facilitate SIM swap attacks. While the posted samples included valid information belonging to current technical staff, the victim stated its investigation had not identified evidence of corporate or customer data compromise, describing the leaked information as limited to internal source code and select employee details.
Description
On or around February 17, 2023, a threat actor advertised the sale of data purportedly stolen from TELUS, Canada's second-largest telecommunications company, on a data breach forum. The actor initially claimed to possess an employee list containing over 76,000 unique email addresses alongside internal information scraped from TELUS systems via an API. A sample shared by the threat actor included names and email addresses matching those of current TELUS employees, predominantly software developers and technical staff. By February 21, the same actor expanded their offerings, listing TELUS's private GitHub repositories, source code, and payroll records for sale. Their claims included access to backend, frontend, and middleware components, AWS keys, Google authentication keys, testing environments, and a "sim-swap-api" tool described as enabling SIM swap attacks. The seller framed this as a "FULL breach," though the source article noted that an investigation was ongoing to verify the legitimacy and origin of the data.

TELUS initiated an investigation upon becoming aware of the incident, publicly confirming the appearance of "a small amount of data related to internal TELUS source code and select TELUS team members’ information" on the dark web but stating no evidence of corporate or retail customer data compromise had been found. The company emphasized continuous monitoring of the situation. Leaked employee information raised immediate concerns over targeted phishing or scams, prompting TELUS to warn employees and customers against engaging with suspicious communications. The exposure of internal repositories and authentication credentials introduced potential operational and security risks, though the scope and validity of the breach remained unconfirmed. The threat actor’s persistent postings and claims of extensive access underscored the incident’s severity while TELUS maintained its investigation without concluding whether systems were directly breached or if third-party vendor involvement occurred.
