Telus Digital investigates cyberattack on ‘limited number’ of its systems — employees and customers seek answers
In a glassed conference room where screens usually show service dashboards, a manager tapped a report and asked whether telus Digital could guarantee customer data was safe. The question hung in the air as IT staff reviewed logs and outside forensics teams prepared to deepen an investigation that the company says involved unauthorized access to a limited number of systems.
What has Telus said about the incident?
Spokesman Richard Gilhooley said Telus Digital’s operations remain fully operational and there is no evidence of disruption to customer connectivity or services. He said the company has taken immediate steps to prevent further intrusion, is working with law enforcement, and that cyber forensics experts are supporting the investigation. Gilhooley added the company will notify any customers who may have been affected as the investigation progresses.
Who is being blamed and what do experts warn?
The criminal group ShinyHunters has claimed responsibility and said it stole a large quantity of data, including what it described as nearly one petabyte of information, and demanded a ransom in exchange for not leaking that data. Security professionals have cautioned against paying such ransoms. Allison Nixon, chief research officer at Unit 221B, said, “Categorically, paying Com ransomware groups is pointless. They fundamentally don’t understand what made the Russian ransom business model work, and victims don’t get what they are promised, so Com extorters don’t deserve a dime of your money. ” Nixon noted the group often resorts to threats and harassment when data theft alone is not enough to compel payment.
How does this affect customers and the business?
Company statements emphasize there is no current evidence of service disruption, and that Telus Digital remains operational while securing systems against further intrusion. The company also highlighted a recent corporate step: last September it signed a deal to acquire the shares of Telus Digital it did not already own for a total of US$539 million. That acquisition context places the digital arm squarely within broader corporate oversight as the investigation continues. Customers will be notified if investigations determine their data was affected, and the firm says it is monitoring the situation closely while collaborating with authorities.
For employees in technical and customer-facing roles, the immediate work is triage: lock compromised access points, confirm the scope of the breach, and support law enforcement inquiries. For customers, the promise of notification is the clearest tangible commitment so far, even as uncertainty remains about what specific records may have been accessed.
What steps are being taken now and what remains uncertain?
Telus Digital has engaged cyber forensics experts and is working with law enforcement to investigate the intrusion and prevent further activity. The company has said it took immediate steps to secure systems. Beyond those actions, there are open questions: the full scope of data accessed is still under review, and the veracity of the extortion claims by ShinyHunters remains part of the investigation. Experts cited in the wake of the incident recommend against paying extortion demands and urge thorough forensic validation before any public disclosure about affected records.
Back in the conference room, staff rotated shifts through the screens, each new log search offering a small piece of certainty. The promise to notify affected customers is intended to close the loop on immediate risk, but the deeper forensic work and law enforcement collaboration will determine whether the breach was contained and whether promised data theft will be proved. As the investigation continues, employees and customers alike are watching for firm answers and practical protections.
