Canada’s second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data.
TELUS has so far not found evidence of corporate or retail customer data being stolen and continues to monitor the potential incident.
On February 17, a threat actor put up what they claim to be TELUS’ employee list for sale on a data breach forum.
“TELUS employes [sic] from a very recent breach. We have over 76K unique emails and on top of this, we have internal information associated with each employee scraped from Telus’ API,” states the forum post.
Although the threat actor has labeled this a “FULL breach” and promises to sell “Everything associated with Telus,” it is too early to conclude that an incident indeed occurred at TELUS or to rule out a third-party vendor breach.
“We are investigating claims that a small amount of data related to internal TELUS source code and select TELUS team members’ information has appeared on the dark web,” a TELUS spokesperson said.