Someone on a criminal forum is selling what they claim is data on all Telus employees, as well as the Canadian telecommunications company’s GitHub software code repositories.
In response to an IT World Canada reporter’s query about the posting, Telus director of public affairs Richard Gilhooley said the company is looking into the allegation.
“We are investigating claims that a small amount of data related to internal Telus source code and select Telus team members’ information has appeared on the dark web,” he said in an email. “We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”
The first dark web posting by someone named “Sieze” was made on Feb. 17. “Today we’re selling email lists of Telus employees from a very recent breach,” it says. “We have over 76k unique emails and on top of this have internal information associated with each employee scraped from Telus’ API.”
As proof, this posting includes what appears to be a list of Telus employee email addresses. It isn’t known if these are current or former staff — or even real.
A Feb. 21 posting adds, “We’re bringing you even more from the recent Telus breach!” The poster asks US$7K for the database file of “every person that works at Telus”; US$6K for a payroll file with 770 records of “all of the white collar workers … including the president of Telus”; and US$50K for all of the allegedly copied data, including a list of Telus private Github repositories, subdomains, and screenshots.
Interested buyers are asked to connect to one of two people on the Telegram messaging service.
It’s important to note that it’s not clear whether the data being sold is real, commented Brett Callow, a British Columbia-based threat analyst for Emsisoft. “That said, if it is real, this is a potentially serious incident which exposes Telus’ employees to increased risk of phishing and social engineering and, by extension, exposes the company’s customers’ to risk. The alleged exposure of the private Github repositories, supposedly including a sim-swap API, represents an additional tier of potentially significant risk.”
In 2020, a Telus division called Medisys Health Group was hit by a cyber attack involving customer data. At that time the company said it “securely retrieved the data by making a payment.”