Telus Digital data breach involved about one petabyte of stolen data
LANARK COUNTY — A significant Telus Digital data breach has put the privacy of Lanark County residents at risk. The breach, claimed by the hacking group ShinyHunters, involved the theft of approximately one petabyte of data, roughly 500 billion pages of text, potentially compromising personal and corporate information.
The breach came to light after ShinyHunters claimed to have infiltrated Telus Digital systems over several months. The hackers posted samples of the stolen data, including voice recordings, call metadata, internal source code, and FBI background checks on employees.
“For residents across Lanark County, including Perth, Carleton Place, and Smiths Falls, this breach reveals something more troubling than stolen data. It exposes systemic failures in how telecommunications companies protect customer information,” said cybersecurity analysts following the incident.
How the breach occurred
According to cybersecurity reports, ShinyHunters gained access using Google Cloud Platform credentials discovered in data stolen during a previous breach at Salesloft Drift. One breach cascaded into another through interconnected digital systems.
Business process outsourcing providers like Telus Digital handle customer support, billing, and internal authentication tools for approximately 28 client companies, including banks, tech firms, and major corporations.
The hackers reportedly demanded $65 million in Bitcoin. After their ransom demands went unanswered, the group leaked details of the breach.
The prolonged access suggests monitoring systems failed to detect suspicious activity for months, raising questions about the company’s cybersecurity infrastructure and data protection practices.
Voice recordings pose new threat
The stolen call recordings present a particular concern for Telus customers and residents in Lanark County. Voice phishing attacks have surged by 442 percent over the last year, and AI voice cloning now requires only a few seconds of audio to generate convincing voice clones.
With access to voice recordings and detailed call records, scammers can create highly convincing impersonations of Telus agents. The stolen data includes when calls were placed, their duration, numbers involved, and call quality metadata.
Cybersecurity experts note that 68.33 percent of victims report that interactions with voice phishing attackers felt realistic. Combined with actual account details, these attacks can bypass traditional security checks.
Telus data breach local impact and risks
Rural communities like those in Lanark County, Ontario face unique vulnerabilities during major data breaches. Smaller local institutions often lack dedicated cybersecurity teams, and scammers frequently target communities where trust runs high and digital literacy varies.
According to recent statistics, 68 percent of Americans receive scam phone calls at least weekly. That translates to 2.56 billion scam calls every month in 2025, up from 2.14 billion in 2024.
The Telus data breach amplifies this threat. Hackers now have voice recordings, call patterns, and personal details that can be used to craft localized scams referencing specific neighborhoods, service providers, and actual call histories.
Telus response and timeline
Telus issued a statement confirming they are “actively managing the situation” and “monitoring it closely.” The company states they are notifying impacted individuals “as appropriate.”
Security experts describe recent cyberattacks as “strategic, disciplined, and optimized for maximum leverage” rather than traditional ransomware attacks.
Current breach disclosure practices mean companies often wait to confirm the full scope before notifying customers, leaving a gap where stolen data may already be circulating online.
About ShinyHunters
The FBI describes ShinyHunters’ parent group “the Com” as a primarily English-speaking, international online network whose members engage in various criminal activities. Many members are minors.
ShinyHunters has been linked to recent major breaches affecting Wynn Resorts (800,000+ customer records), SoundCloud (29.8 million accounts), Mercer Advisors (5+ million records), Panera Bread (5 million people), and Dutch telecom Odido (6 million accounts). The group is considered one of the most prolific cyber threat actors in 2026.
Cybersecurity experts warn against paying ransoms to such groups, noting that victims often do not receive what they are promised and may face additional extortion attempts.
In Q1 2026 alone, there were 486 data breach events globally, with data breaches posted on underground forums increasing by 43 percent in 2024.
Steps residents can take
Residents are advised not to wait for an official notification before taking action.
Audit your “My Telus” account. Log in and change your password using a long passphrase that is difficult for automated tools to crack.
Enable multi factor authentication. Even if hackers have your password, they cannot access your account without a secondary code from an authenticator app. However, be aware that ShinyHunters has successfully conducted voice phishing campaigns by impersonating IT support staff to trick people into providing MFA codes.
Monitor your credit and financial accounts. Tools like Have I Been Pwned can help check if your contact information has been leaked. Watch banking statements for unusual activity.
Be skeptical of unexpected contact. If you receive a call or text requesting your Social Insurance Number or credit card details, hang up and call the official Telus customer support line directly to verify.
Cybersecurity experts note that caller ID, voice recognition, and familiar sounding agents can all be spoofed. Fewer than 5 percent of funds lost to sophisticated voice phishing scams are recovered.
Long term risks
Stolen data from breaches like this is often sold on underground markets for years. It gets combined with other breaches to create comprehensive identity profiles and can be used in targeted attacks long after the initial incident.
Voice recordings are particularly valuable because they do not expire. A recording from 2026 could still be useful for deepfake scams in 2028 or beyond.
Call metadata reveals patterns such as when customers typically call support, what issues they have had, and which family members they contact regularly. This information can enable highly personalized social engineering attacks.
Industry security challenges
Cybersecurity analysts note that current regulations do not impose significant consequences for security failures, and companies can claim they took “reasonable measures” while maintaining infrastructure with known vulnerabilities.
The business process outsourcing model creates expanded attack surfaces. Telus Digital serves as a BPO provider for multiple companies, meaning this single breach potentially compromises data across dozens of organizations.
What to expect
Telus has engaged cyber forensics experts and is working with law enforcement. The investigation is expected to continue for months.
Affected individuals will receive notification letters if their data was confirmed compromised. The company will offer credit monitoring services, though these do not address voice based fraud or sophisticated social engineering attacks.
The stolen data will likely be sold on underground forums and combined with other breaches to create comprehensive attack profiles. Sophisticated scammers often wait before launching targeted attacks, giving time for initial concerns to fade.
Residents are advised to hang up and call back using official numbers when receiving any unexpected contact requesting personal or financial information.
Service status
Core Telus telecommunications services remain operational. Cell signal, home internet, and Optik TV continue to function normally.
However, operational services do not mean customer privacy is intact. The breach exposed approximately one petabyte of personal information now circulating in criminal networks, including voice recordings that can be weaponized with AI, call metadata, and personal details.
The incident highlights how supply chain attacks can cascade through interconnected digital systems and how business process outsourcing operations create expanded attack surfaces.
Lanark County residents are urged to take immediate steps to protect their personal information and remain vigilant for suspicious contact in the months ahead.
Keep connected to your community—Read the latest Lanark County news.
