---
title: "TELUS Launches Investigation After Potential Data Breach Leaks Source Code and Employee Info | Phish Protection"
description: "TELUS, the Canadian telecom giant, is investigating a potential data breach after a threat actor leaked what appears to be employee data and source code."
image: "https://phishprotection.com/og/blog/telus-launches-investigation-into-potential-data-breach.png"
canonical: "https://phishprotection.com/blog/telus-launches-investigation-into-potential-data-breach/"
---

Quick Answer

TELUS, the Canadian telecom giant, is investigating a potential \[data breach\](/phishing/data-breaches-how-they-impact-small-businesses) after a threat actor leaked what appears to be employee data and source code. TELUS has initiated an investigation in response to the breach to assess the scope of the incident and \*\*safeguard its customers and staff\*\* from any potential risks. Stay updated with the latest developments on this incident with this article as we share what happened, how it happened, and what TELUS is doing.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Ftelus-launches-investigation-into-potential-data-breach%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=TELUS%20Launches%20Investigation%20After%20Potential%20Data%20Breach%20Leaks%20Source%20Code%20and%20Employee%20Info&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Ftelus-launches-investigation-into-potential-data-breach%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Ftelus-launches-investigation-into-potential-data-breach%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Ftelus-launches-investigation-into-potential-data-breach%2F&title=TELUS%20Launches%20Investigation%20After%20Potential%20Data%20Breach%20Leaks%20Source%20Code%20and%20Employee%20Info "Share on Reddit") [ ](mailto:?subject=TELUS%20Launches%20Investigation%20After%20Potential%20Data%20Breach%20Leaks%20Source%20Code%20and%20Employee%20Info&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Ftelus-launches-investigation-into-potential-data-breach%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/03/anti-phishing-solutions-8467.jpg) 

TELUS, the Canadian telecom giant, is investigating a potential [data breach](/phishing/data-breaches-how-they-impact-small-businesses) after a threat actor leaked what appears to be employee data and source code. TELUS has initiated an investigation in response to the breach to assess the scope of the incident and **safeguard its customers and staff** from any potential risks. Stay updated with the latest developments on this incident with this article as we share what happened, how it happened, and what TELUS is doing.

TELUS, Canada’s second-largest telecommunications organization , is currently investigating a potential data breach after a hacker claimed to have **stolen employee data** and shared samples online. The individual or group responsible for the threat later shared images purporting to display confidential source code repositories and payroll records owned by TELUS.

Although TELUS has not found evidence of stolen [customer data](https://www.livemint.com/news/world/google-fi-confirms-customer-data-breach-by-hackers-11675295193674.html), the organization is taking the incident seriously and actively monitoring the situation. The text will dive deeper into the details of the **potential data breach** and the steps TELUS is taking to address the problem.

![Anti phishing solutions](https://media.mailhop.org/phishprotection/images/2023/03/anti-phishing-solutions-8467.jpg) 

### The TELUS Data Breach at a Glance

TELUS, one of the most prominent telecommunications enterprises in Canada, is investigating a possible data breach after a [threat actor](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems) shared online samples that appear to be employee data. In addition, the threat actor published screenshots that depict **confidential source code** repositories and payroll records belonging to the organization.

On February 17 , the threat actor put up what they claim is TELUS’ employee list for sale on a data breach forum. The list included names and email addresses, and the threat actor claims to have **stolen internal information** linked to each employee scraped from TELUS’ [API (Application Programming Interface)](https://www.mulesoft.com/resources/api/what-is-an-api).

Although the accuracy of the threat actor’s statements has yet to be verified, the limited group of data shared by the seller includes legitimate names and email addresses of **current TELUS personnel**, particularly those in technical positions such as software developers.

By February 21, the same threat actor had created another forum post offering to sell TELUS’ **private GitHub repositories**, payroll records of its employees, and source code. The threat actor claims that the stolen source code contains the organization’s ” sim-swap-API ,” which could enable adversaries to carry out [SIM swap attacks](https://www.indiatoday.in/technology/features/story/sim-swap-frauds-rising-in-india-how-to-protect-your-sim-by-changing-it-to-esim-2323582-2023-01-19).

Although the threat actor claims to have breached the organization entirely and promises to sell “**everything associated with TELUS**,” it is still too early to confirm whether an incident did indeed occur at TELUS or to rule out that a third-party vendor might have been breached.

### What does TELUS Have to Say About the Breach?

> 

TELUS has yet to post an official statement. However, a TELUS spokesperson[told](https://www.bleepingcomputer.com/news/security/telus-investigating-leak-of-stolen-source-code-employee-data/)BleepingComputer, “We are investigating claims that a small amount of data related to internal TELUS source code and select TELUS team members’ information has appeared on the dark web.”

The organization has not found any retail customer data or corporate information as the spokesperson also clarified, “We can confirm that to this point our investigation, which we launched as soon as we were made aware of the incident, has not identified any corporate or retail customer data.”

### The Threat Actor’s Demand

Security Researcher and Journalist Ax Sharma shared all his findings regarding the TELUS data breach on his[Twitter](https://twitter.com/Ax%5FSharma/status/1628952916831907840?cxt=HHwWgMDRuYODmpstAAAA). The threat actor behind the **TELUS data breach** has yet to be identified, but they are demanding $1-3 million CAD (Canadian Dollar) in Bitcoin and threatening to leak the data that has yet to be posted on breached forums to the general public.

The threat actor conveyed the demand using a\*\* Telegram message\*\* and also shared a **slack profile** as an example of the data with the name, email address, and phone number details of a TELUS Software QA Engineer in JSON format . However, the engineer has not commented on the matter.

### What Does it Mean for the Affected Individuals?

The threat actor claims to have stolen TELUS’s **sim swap API**, which could enable them to carry out large-scale sim swapping attacks.

A SIM swap attack, also referred to as SIM porting or SIM hijacking, is a form of [social engineering](/phishing-awareness/social-engineering-attack-twilio-compromises-employee-accounts-customer-data) where an attacker fraudulently obtains personal information, such as a victim’s name, date of birth, phone number, and account details, to\*\* convince\*\* a mobile phone service provider to transfer the victim’s phone number to a SIM card controlled by the attacker.

Once the attacker gains control of the phone number, they can intercept the victim’s calls and text messages, reset passwords, and access their online accounts, potentially causing **financial or reputational damage**.

SIM Swapping attacks have become\*\* increasingly \*\*common in recent years, with attackers targeting high-profile individuals such as celebrities, executives, and ordinary users through phishing scams or by purchasing personal information on the [dark web](https://www.bloomberg.com/news/articles/2023-03-17/dark-web-breachforums-operator-charged-with-computer-crime). Individuals need to take steps to protect their personal information, such as regularly monitoring their accounts for suspicious activity.

### How to Protect Against SIM Swapping Attacks?

Preventing and detecting SIM swapping can be challenging, but there are steps you can take to **minimize your risk**. Here are some tips:

**_Guard Your Personal Information Carefully:_**Your details can be used to impersonate you, especially during identity verification processes. If your mobile provider asks for personal information to confirm your identity, ensure it’s not easily accessible online. For example, **avoid sharing** your date of birth on public [social media accounts](https://thehackernews.com/2023/02/new-s1deload-malware-hijacking-users.html).

1. **_Use Creative Account Recovery Questions:_**Security questions are often used to verify your identity if you forget your password. However, these questions are easy for attackers to find, making accessing your accounts easier. Make up a **memorable but false** answer that an attacker cannot easily search. You should use a [password manager](/phishing-awareness/password-manager-giant-lastpass-hackers-stole-customer-vault-data-cloud-storage-breach) to store your answers.

**_Avoid Using SMS 2FA when Possible:_**Although SMS 2FA is better than relying on passwords alone, more robust alternatives are available. Ask your bank or service provider if they offer other forms of two-factor authentication, such as **app-based authenticators** that generate new codes every minute or push notifications.

### Keeping Safe Against Phishing and Scams

TELUS has not yet found evidence that corporate or retail customer data has been stolen and is still monitoring the potential incident. However, TELUS employees and customers should **be vigilant** for [phishing](/resources/what-is-phishing) or scam messages targeting them and avoid entertaining such _email, text, or telephone communications._

To protect themselves from phishing scams, customers should be vigilant and cautious of any unsolicited communications they receive. They should **avoid clicking on any links** or downloading any attachments from unknown sources. Instead, it is advisable to independently verify the authenticity of the communication by contacting the supposed sender through their official channels.

![Anti phishing software](https://media.mailhop.org/phishprotection/images/2023/03/anti-phishing-software-7327.jpg) 

### Final Words

The recent potential data breach at TELUS highlights the importance of maintaining robust [cybersecurity](/content/cybersecurity-in-a-nutshell) measures to protect sensitive data. The **leak of source code** and employee information is a serious matter that could have significant consequences for TELUS and its customers. _However, by launching an investigation and taking steps to address the issue, TELUS is demonstrating its commitment to the security and privacy of its data._

Organizations must be proactive in identifying and addressing potential data breaches and implement strong [phishing protection](/) solutions to prevent such incidents from happening in the first place.

Customers must also remain vigilant and protect their personal information to minimize the risk of harm from potential data breaches. By working together and prioritizing cybersecurity, we can all play a role in **safeguarding sensitive data** and preventing unauthorized access or misuse. What the breach will mean for TELUS is a question only the future will answer.

## Topics

[ Cybersecurity ](/tags/cybersecurity/)[ Phishing ](/tags/phishing/)[ Phishing Awareness ](/tags/phishing-awareness/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  American Airlines Suffers Employee Email Data Breach, Personal Information at Risk  Oct 4, 2022 ](/blog/american-airlines-suffers-employee-email-data-breach-personal-information-risk/)[  Intermediate 5m  BitRAT Malware Threat Actors Leveraging Stolen Columbian Cooperative Bank Data in Phishing Campaign  Jan 18, 2023 ](/blog/bitrat-malware-threat-actors-leveraging-stolen-columbian-cooperative-bank-data-in-phishing-campaign/)[  Intermediate 5m  Find Out About the Latest Case of Threat Actors Utilizing Phishing-as-a-Service to Steal $120,000  Feb 20, 2023 ](/blog/find-out-about-the-latest-case-of-threat-actors-utilizing-phishing-as-a-service-to-steal-120000/)[  Intermediate 5m  GoDaddy Customers Beware: Hackers Have Been Stealing Source Code for Years  Mar 6, 2023 ](/blog/godaddy-customers-beware-hackers-have-been-stealing-source-code-for-years/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"TELUS Launches Investigation After Potential Data Breach Leaks Source Code and Employee Info","description":"TELUS, the Canadian telecom giant, is investigating a potential data breach after a threat actor leaked what appears to be employee data and source code.","url":"https://phishprotection.com/blog/telus-launches-investigation-into-potential-data-breach/","datePublished":"2023-03-20T12:18:27.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-03-20T12:18:27.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/telus-launches-investigation-into-potential-data-breach/"},"articleSection":"intermediate","keywords":"Cybersecurity, Phishing, Phishing Awareness","wordCount":1277,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/03/anti-phishing-solutions-8467.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What does TELUS Have to Say About the Breach?","acceptedAnswer":{"@type":"Answer","text":">"}},{"@type":"Question","name":"What Does it Mean for the Affected Individuals?","acceptedAnswer":{"@type":"Answer","text":"The threat actor claims to have stolen TELUS's **sim swap API**, which could enable them to carry out"}},{"@type":"Question","name":"How to Protect Against SIM Swapping Attacks?","acceptedAnswer":{"@type":"Answer","text":"Preventing and detecting SIM swapping can be challenging, but there are steps you can take to **minimize your risk**. Here are some tips:"}}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"TELUS Launches Investigation After Potential Data Breach Leaks Source Code and Employee Info","item":"https://phishprotection.com/blog/telus-launches-investigation-into-potential-data-breach/"}]}
```