TELUS, Canada’s second-largest telecom, is investigating a potential data breach after a threat actor claimed to have employee data and private source code repositories belonging to the company. The threat actor posted screenshots showing payroll records and private source code repositories for sale. Although TELUS has not found evidence of corporate or retail customer data being stolen, the company is monitoring the situation.
On February 17, the threat actor put up for sale, on a data breach forum, what they claimed to be TELUS’ employee list. The seller stated that they had over 76,000 unique emails, along with additional internal information associated with each employee, scraped from TELUS’ API. By February 21, the same threat actor had created another forum post, offering to sell TELUS’ private GitHub repositories, source code, and payroll records. The seller claimed that the source code contained the company’s “sim-swap-api” that would enable adversaries to carry out SIM swap attacks.
TELUS stated that it is investigating the claims and has not so far identified any corporate or retail customer data among the material. TELUS employees and customers should be cautious of phishing or scam messages targeting them and should avoid engaging with such messages.