Breaking news: Telus investigating sale of alleged code, employee information

Share post:

Someone on a criminal forum is selling what they claim is data on all Telus employees, as well as the Canadian telecommunications company’s GitHub software code repositories.

In response to an IT World Canada reporter’s query about the posting, Telus director of public affairs Richard Gilhooley said the company is looking into the allegation.

“We are investigating claims that a small amount of data related to internal Telus source code and select Telus team members’ information has appeared on the dark web,” he said in an email. “We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

The first dark web posting by someone named “Sieze” was made on Feb. 17. “Today we’re selling email lists of Telus employees from a very recent breach,” it says. “We have over 76k unique emails and on top of this have internal information associated with each employee scraped from Telus’ API.”

As proof, this posting includes what appears to be a list of Telus employee email addresses. It isn’t known if these are current or former staff — or even real.

A Feb. 21 posting adds, “We’re bringing you even more from the recent Telus breach!” The poster asks US$7K for the database file of “every person that works at Telus”; US$6K for a payroll file with 770 records of “all of the white collar workers … including the president of Telus”; and US$50K for all of the allegedly copied data, including a list of Telus private Github repositories, subdomains, and screenshots.

Interested buyers are asked to connect to one of two people on the Telegram messaging service.

It’s important to note that it’s not clear whether the data being sold is real, commented Brett Callow, a British Columbia-based threat analyst for Emsisoft. “That said, if it is real, this is a potentially serious incident which exposes Telus’ employees to increased risk of phishing and social engineering and, by extension, exposes the company’s customers’ to risk. The alleged exposure of the private Github repositories, supposedly including a sim-swap API, represents an additional tier of potentially significant risk.”

In 2020, a Telus division called Medisys Health Group was hit by a cyber attack involving customer data. At that time the company said it “securely retrieved the data by making a payment.”

The post Breaking news: Telus investigating sale of alleged code, employee information first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, March 27, 2024 – A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from...

This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet

Cyber Security Today, March 25, 2024 – A suspected China threat actor going after unpatched F5 and ScreenConnet installations

This episode reports on a new campaign stealing email passwords ,the latest data breaches

A hacker’s view of the civic infrastructure: Hashtag Trending, the Weekend Edition for March 23rd, 2024

What does the civic infrastructure look like through the eyes of a hacker? The legendary general Sun Tzu in the Art of War said that in order to defeat your enemy, you must first understand your enemy. How do you do this? He said, “to know your enemy, you must become your enemy.” If we

Cyber Security Today, Week in Review for week ending Friday, March 22, 2024

This episode features discussion on lessons learned from the ransomware attack on the British Library, advice for managing expectations of IT/security teams, why firms are leaving Google Firebase unprotecte

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways