Share this article on:
A hacker has claimed to have accessed employee details belonging to the Canadian telecommunications company Telus and is selling the data on the dark web.
“Today we’re selling email lists of Telus employees from a very recent breach,” the hacker said in a post on 17 February. “We have over 76k unique emails and on top of this have internal information associated with each employee scraped from Telus’ API.”
In a second post on 21 February, the hacker — named Sieze — claimed to have more data for sale, including payroll details and listings of the telco’s private GitHub repositories.
The hacker is asking for US$50,000 for the data, US$6,000 for the payroll data, and US$7,000 for a database of “every person that works at Telus”.
Telus has not made any official statement of its own, but did respond to a Canadian news site when asked about the apparent hack.
“We are investigating claims that a small amount of data related to internal Telus source code and select Telus team members’ information has appeared on the dark web,” Richard Gilhooley, the company’s director of public affairs, told IT World Canada.
“We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”
If the data breach is real, it will mark the second such incident that Telus has suffered. It fell victim to a ransomware attack in 2020 that saw customer details breached.
“As our primary objective is to protect the privacy of our clients, we worked closely with cyber security experts to securely retrieve the impacted data by making a ransom payment,” Telus said at the time.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.