Telus is now investigating the possibility of a data breach affecting its corporate data. The Canadian telecom company started looking for an incident after hackers posted samples of Telus’ information, as they pretend.
The sample contains employee data, source code, and payroll records. But, until now, the organization did not found proof of an attack.
What Data Is for Sale
The first post regarding Telus’ stolen data dates from February 17, 2023. Hackers posted on a data breach forum an employee list for sale. The list contains 76k email addresses and employee names.
“TELUS employes [sic] from a very recent breach. We have over 76K unique emails and on top of this, we have internal information associated with each employee scraped from Telus’ API,” reads the post, according to BleepingComputer.
It appears that the names from that first post are valid. They correspond with the organization’s employees, especially software developers and technical staff.
A second post followed, on February 21, 2023. The same threat actor posted for sale a sample with the company’s private GitHub repositories, source code, and payroll records. Cybercriminals are saying that the stolen source code can be used for SIM swap attacks.
Despite all this data being posted online, Telus can’t confirm the data breach yet. Internal investigations are ongoing, and specialists are also looking into a third-party vendor breach.
We are investigating claims that a small amount of data related to internal TELUS source code and select TELUS team members’ information has appeared on the dark web. We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.
Telus for BleepingComputer
As a precautionary measure, clients and employees are advised to be vigilant with any message they might receive. Phishing attacks might target them via email, text, or telephone.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.Get cybersecurity updates you\’ll actually want to read directly in your inbox.