TELUS, the Canadian telecom giant, is investigating a potential data breach after a threat actor posted what appears to be employee data and samples of internal source code. The investigation aims to establish the scope of the incident and to protect customers and staff from any resulting risk. This article covers what is known so far: what was posted, how the attacker claims to have obtained it, and how TELUS has responded.
TELUS, Canada’s second-largest telecommunications organization, is currently investigating a potential data breach after a hacker claimed to have stolen employee data and shared samples online. The threat actor later posted screenshots purporting to show private source code repositories and payroll records belonging to TELUS.
Although TELUS has not found evidence of stolen customer data, the organization is taking the incident seriously and actively monitoring the situation. This article looks at the details of the potential breach and the steps TELUS is taking to address it.
The TELUS Data Breach at a Glance
TELUS, one of the most prominent telecommunications enterprises in Canada, is investigating a possible data breach after a threat actor shared online samples that appear to be employee data. In addition, the threat actor published screenshots that depict confidential source code repositories and payroll records belonging to the organization.
On February 17, the threat actor put up what they claim is TELUS’ employee list for sale on a data breach forum. The sample included names and email addresses, and the threat actor claims that the internal information linked to each employee was scraped from a TELUS API (Application Programming Interface).
Although the threat actor’s statements have yet to be verified, the limited sample shared by the seller does include legitimate names and email addresses of current TELUS personnel, particularly those in technical positions such as software developers.
By February 21, the same threat actor had created another forum post offering to sell TELUS’ private GitHub repositories, payroll records of its employees, and source code. The threat actor claims that the stolen source code contains the organization’s “sim-swap-API,” which could enable adversaries to carry out SIM swap attacks.
Although the threat actor claims to have breached the organization entirely and promises to sell “everything associated with TELUS,” it is still too early to confirm whether an incident did indeed occur at TELUS or to rule out that a third-party vendor might have been breached.
What Does TELUS Have to Say About the Breach?
TELUS has yet to post an official statement. However, a TELUS spokesperson told BleepingComputer, “We are investigating claims that a small amount of data related to internal TELUS source code and select TELUS team members’ information has appeared on the dark web.”
The investigation has so far found no exposed corporate or retail customer data, as the spokesperson also clarified: “We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”
The Threat Actor’s Demand
Security researcher and journalist Ax Sharma shared his findings on the TELUS data breach on Twitter. The threat actor behind the breach has yet to be identified, but they are demanding $1-3 million CAD (Canadian dollars) in Bitcoin and threatening to publicly leak the data that has not yet been posted on the breach forum.
The demand was conveyed in a Telegram message. As a sample of the data, the threat actor also shared what appears to be the Slack profile of a TELUS Software QA Engineer in JSON format, including name, email address, and phone number. The engineer has not commented on the matter.
What Does It Mean for the Affected Individuals?
The threat actor claims to have stolen the source code of TELUS’s SIM swap API. Source code alone does not grant access to the system it runs on, but if the claim is genuine the code could reveal how the internal number-transfer process is implemented and what checks it performs, knowledge that would help an adversary plan large-scale SIM swapping attacks.
A SIM swap attack, also referred to as SIM porting or SIM hijacking, is a form of social engineering in which an attacker uses fraudulently obtained personal information, such as the victim’s name, date of birth, phone number, and account details, to convince the mobile provider to transfer the victim’s phone number to a SIM card the attacker controls.
Once the attacker controls the phone number, they receive the victim’s calls and text messages, including SMS one-time passcodes, which lets them reset passwords and take over online accounts, potentially causing financial or reputational damage.
SIM swapping attacks have become increasingly common in recent years, with attackers targeting high-profile individuals such as celebrities and executives as well as ordinary users, gathering the required details through phishing or by purchasing personal information on the dark web. Individuals need to take steps to protect their personal information, such as regularly monitoring their accounts for suspicious activity.
How to Protect Against SIM Swapping Attacks?
Preventing and detecting SIM swapping can be challenging, but there are steps you can take to minimize your risk. Here are some tips:
1. Guard Your Personal Information Carefully: Your details can be used to impersonate you, especially during identity verification. If your mobile provider asks for personal information to confirm your identity, make sure that information is not easily found online; for example, avoid publishing your date of birth on public social media accounts. Many carriers also let you set an account PIN or a port-out lock that must be supplied before a number is transferred; ask your provider whether this is available.
2. Use Creative Account Recovery Questions: Security questions are often used to verify your identity if you forget your password. However, the true answers are frequently easy for attackers to find or guess, which makes your accounts easier to access. Use a memorable but false answer that cannot be looked up, and store it in a password manager.
3. Avoid Using SMS 2FA When Possible: Although SMS 2FA is better than relying on passwords alone, more robust alternatives exist, and none of them can be intercepted by taking over your phone number. Ask your bank or service provider whether they offer other forms of two-factor authentication, such as authenticator apps, which generate short-lived codes (typically every 30 seconds) from a secret stored on your device, push notifications, or hardware security keys.
Keeping Safe Against Phishing and Scams
TELUS has not yet found evidence that corporate or retail customer data has been stolen and is still monitoring the potential incident. However, TELUS employees and customers should expect phishing or scam messages that reference the incident and should treat unexpected email, text, or telephone communications with suspicion.
In particular, do not click links or open attachments from unknown senders. Instead, verify the authenticity of any such communication independently by contacting the supposed sender through its official channels rather than the contact details given in the message.
Final Words
The recent potential data breach at TELUS highlights the importance of maintaining robust cybersecurity measures to protect sensitive data. The leak of source code and employee information is a serious matter that could have significant consequences for TELUS and its customers. However, by launching an investigation and taking steps to address the issue, TELUS is demonstrating its commitment to the security and privacy of its data.
Organizations must be proactive in identifying and addressing potential data breaches, including controlling access to internal APIs and source code repositories and deploying strong phishing protections, so that such incidents are prevented in the first place.
Customers must also remain vigilant and protect their personal information to minimize the risk of harm from potential data breaches. By working together and prioritizing cybersecurity, we can all play a role in safeguarding sensitive data and preventing unauthorized access or misuse. What the breach will mean for TELUS is a question only the future will answer.