Telus Digital Admits to Cyberattack as ShinyHunters Claim Petabyte-Scale Data Theft

The Canadian outsourcer confirms a breach while the notorious hacking group says it stole vast quantities of customer data

Zotpaper•Monday 16 March 2026 at 10:02 am•2 min read

Telus Digital, one of Canada's largest business process outsourcers, has confirmed it was the victim of a cyberattack, with the notorious ShinyHunters hacking group claiming to have exfiltrated up to a petabyte of data from the company's systems.

The breach disclosure comes amid a wave of high-profile attacks targeting outsourcing firms, which handle sensitive data for hundreds of enterprise clients. Telus Digital acknowledged the incident in a statement on its website but provided limited details about the scope of the compromise.

ShinyHunters, a prolific data theft group responsible for previous breaches at companies including Microsoft, Samsung and AT&T, claims the haul includes customer records, internal documents and operational data. A petabyte of stolen data would make this one of the largest breaches in recent history by volume.

The timing is particularly concerning given that Citrix's CISO has separately urged organisations to accelerate patching cycles, and Mandiant's founder has revealed new AI-powered red-teaming technology designed to simulate exactly these kinds of attacks.

Analysis

Why This Matters

Telus Digital handles data for major enterprises across multiple industries. A petabyte-scale breach at an outsourcer means the blast radius extends far beyond the company itself — every client whose data was processed through Telus systems is potentially affected.

Background

ShinyHunters has been one of the most active data theft groups since 2020, typically selling stolen databases on dark web forums. Their involvement signals this is likely a financially motivated attack rather than state-sponsored espionage.

Key Perspectives

The outsourcing industry has become an increasingly attractive target because a single breach can yield data from dozens of enterprise clients. Security researchers have warned that many outsourcers lag behind their clients in security investment despite handling equally sensitive data.

What to Watch

The full scope of affected clients and data types has not been disclosed. Regulatory investigations in Canada and potentially the EU are likely.

Sources

Telus admits to cyberattack, may have lost petabyte of data to ShinyHunters