Telus Digital Hit by Cyberattack, Data Breach Affects Multiple Organizations
Canadian IT and customer services firm Telus Digital is grappling with a significant cyberattack that has potentially exposed a vast amount of data. The breach, attributed to the extortion group ShinyHunters, has raised concerns about the security of sensitive information and the ripple effects across organizations that rely on Telus Digital’s services.
Details of the Breach
Telus Digital first acknowledged the incident on March 13, 2026, stating that unauthorized access was gained to a “limited number” of its systems . The company immediately took steps to contain the intrusion and prevent further unauthorized activity. Spokesman Richard Gilhooley confirmed that operations remain fully operational, with no reported disruption to customer connectivity or services.
However, reports indicate the scale of the breach may be far larger than initially stated. Security experts suggest that over a petabyte of data may have been compromised . ShinyHunters reportedly gained access through valid Google Cloud Platform credentials acquired during the Salesloft breach.
Impact on Other Organizations
The breach at Telus Digital has already had repercussions for other companies. Starbucks recently disclosed a data breach affecting approximately 889 employees, stemming from unauthorized access to its HR portals . Attackers gained access to sensitive employee data, including Social Security numbers, dates of birth, and financial account information. Starbucks stated the attackers spoofed the HR portal login page to capture employee credentials.
Broader Cybersecurity Concerns
The Telus Digital breach occurs amidst a heightened geopolitical landscape and an increase in sophisticated cyber threats. Citrix CISO Kumar Palaniappan urged customers to implement all available security patches immediately, citing a marked uptick in targeted attacks against critical infrastructure and supply chains . These threats include advanced persistent threats (APTs), ransomware campaigns, and zero-day exploitation attempts.
a former engineer at the US Department of Government Efficiency (DOGE) is under investigation for allegedly stealing data related to millions of US citizens . Canadian retail giant Loblaw also recently reported a “low-level data breach” involving the exposure of customer names, phone numbers, and email addresses .
Emerging AI-Powered Security Solutions
In response to the evolving threat landscape, modern security solutions are emerging. Kevin Mandia, founder of Mandiant, has launched Armadin, a company focused on AI-powered red teaming. Armadin aims to proactively identify vulnerabilities by simulating advanced cyberattacks using AI agents . Mandia emphasizes the need for autonomous defense systems capable of responding to machine-speed attacks.
Ongoing Investigation
Telus Digital is continuing its investigation with the support of cyber forensics experts and law enforcement. The company has pledged to notify any affected customers as the investigation progresses . The full extent of the data compromised and the long-term impact of the breach remain to be seen.