Breaking news: Telus investigating sale of alleged code, employee information

Share post:

Someone on a criminal forum is selling what they claim is data on all Telus employees, as well as the Canadian telecommunications company’s GitHub software code repositories.

In response to an IT World Canada reporter’s query about the posting, Telus director of public affairs Richard Gilhooley said the company is looking into the allegation.

“We are investigating claims that a small amount of data related to internal Telus source code and select Telus team members’ information has appeared on the dark web,” he said in an email. “We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

The first dark web posting by someone named “Sieze” was made on Feb. 17. “Today we’re selling email lists of Telus employees from a very recent breach,” it says. “We have over 76k unique emails and on top of this have internal information associated with each employee scraped from Telus’ API.”

As proof, this posting includes what appears to be a list of Telus employee email addresses. It isn’t known if these are current or former staff — or even real.

A Feb. 21 posting adds, “We’re bringing you even more from the recent Telus breach!” The poster asks US$7K for the database file of “every person that works at Telus”; US$6K for a payroll file with 770 records of “all of the white collar workers … including the president of Telus”; and US$50K for all of the allegedly copied data, including a list of Telus private Github repositories, subdomains, and screenshots.

Interested buyers are asked to connect to one of two people on the Telegram messaging service.

It’s important to note that it’s not clear whether the data being sold is real, commented Brett Callow, a British Columbia-based threat analyst for Emsisoft. “That said, if it is real, this is a potentially serious incident which exposes Telus’ employees to increased risk of phishing and social engineering and, by extension, exposes the company’s customers’ to risk. The alleged exposure of the private Github repositories, supposedly including a sim-swap API, represents an additional tier of potentially significant risk.”

In 2020, a Telus division called Medisys Health Group was hit by a cyber attack involving customer data. At that time the company said it “securely retrieved the data by making a payment.”

The post Breaking news: Telus investigating sale of alleged code, employee information first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 24, 2024 – A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more

A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more. Welcome to Cyber Security...

Canada centralizing cybersecurity efforts of federal IT departments

Federal departments and agencies are making only marginal progress in improving their cyber maturity, Ottawa said Wednesday as...

Cyber Security Today, May 22, 2024 – LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more

LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more. Welcome to Cyber Security...

Google criticizes Microsoft’s security practices in new report

Google has publicly criticized Microsoft for a series of security missteps, suggesting that organizations might consider more secure...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways