Telus Digital Investigates Cyberattack on ‘Limited Number’ of Its Systems
Telus is investigating a cybersecurity incident that involved unauthorized access to a limited number of systems at its Telus Digital unit. The company says it has taken immediate steps to secure systems, is working with cyber forensics experts and law enforcement, and will notify any customers who may have been affected.
What Telus Says About the Incident
A company spokesman, Richard Gilhooley, said Telus Digital’s operations remain fully operational and that there is no evidence of disruption to customer connectivity or services. The company has taken steps to prevent further intrusion and is notifying any customers who may have been affected as the investigation progresses. Cyber forensics experts are supporting the inquiry and law enforcement has been engaged.
Claims of Large Data Theft, Extortion Group Named
A criminal hacking and extortion group known as ShinyHunters has claimed responsibility for the incident and asserted it stole nearly one petabyte of data from Telus Digital, including a wide range of customer information, and demanded a ransom in exchange for not leaking the material. The group has used a number of names and is associated with an international cybercrime ecosystem referred to as the Com, short for the Community.
Security experts have warned against paying ransoms to such groups. Allison Nixon, chief research officer at a security firm, wrote that paying Com ransomware groups is pointless, saying victims typically do not get what they are promised and that the extorters often resort to threats and harassment when data theft alone does not achieve their aims. The FBI has described the Com as a primarily English-speaking, international online ecosystem made up of multiple interconnected networks whose members, many of whom are minors, engage in a variety of criminal violations.
Context, Business Impact and Related Legal Claims
Telus Digital is the company’s business-outsourcing and technology arm, providing digital services that include cloud, automation and design. The telecom reversed an earlier plan to spin off the business when it signed a deal last September to acquire the shares of Telus Digital it did not already own for a total of US$539 million.
Investigations into attacks attributed to ShinyHunters have prompted proposed class-action lawsuits against several U. S. companies for allegedly failing to protect customer data. Examples cited in filings include a suit in Nevada alleging more than 800, 000 customer records were taken from one company, a Southern District of New York filing alleging more than 29. 8 million accounts were accessed at another, and a proposed action in Colorado alleging more than five million client records were accessed at a financial-planning firm. None of those allegations have been proved in court.
Telus says it is monitoring the situation as the investigation continues and will notify affected customers as appropriate. The company and investigators are focused on securing systems and preventing further intrusion while assessing the scope of any exposed data.
