Telus investigating sale of alleged code, employee information

Someone on a criminal forum is selling what they claim is data on all Telus employees, as well as the Canadian telecommunications company’s GitHub software code repositories.

In response to an IT World Canada reporter’s query about the posting, Telus director of public affairs Richard Gilhooley said the company is looking into the allegation.

“We are investigating claims that a small amount of data related to internal Telus source code and select Telus team members’ information has appeared on the dark web,” he said in an email. “We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

The first dark web posting by someone named “Sieze” was made on Feb. 17. “Today we’re selling email lists of Telus employees from a very recent breach,” it says. “We have over 76k unique emails and on top of this have internal information associated with each employee scraped from Telus’ API.”

As proof, this posting includes what appears to be a list of Telus employee email addresses. It isn’t known if these are current or former staff — or even real.

A Feb. 21 posting adds, “We’re bringing you even more from the recent Telus breach!” The poster asks US$7K for the database file of “every person that works at Telus”; US$6K for a payroll file with 770 records of “all of the white collar workers … including the president of Telus”; and US$50K for all of the allegedly copied data, including a list of Telus private Github repositories, subdomains, and screenshots.

Interested buyers are asked to connect to one of two people on the Telegram messaging service.

It’s important to note that it’s not clear whether the data being sold is real, commented Brett Callow, a British Columbia-based threat analyst for Emsisoft. “That said, if it is real, this is a potentially serious incident which exposes Telus’ employees to increased risk of phishing and social engineering and, by extension, exposes the company’s customers’ to risk. The alleged exposure of the private Github repositories, supposedly including a sim-swap API, represents an additional tier of potentially significant risk.”

In 2020, a Telus division called Medisys Health Group was hit by a cyber attack involving customer data. At that time the company said it “securely retrieved the data by making a payment.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs