TELUS cyber security incident overview
We have concluded our investigation of this incident and have discovered that no systems used to support our customers were impacted, and that TELUS Health and TELUS Agriculture & Consumer Goods were not impacted in any way.
We also discovered that a small amount of customer data may have been accessed by an unauthorized third party. While our ongoing monitoring has not discovered evidence of any personal information appearing in any public forum, we will be notifying impacted customers in the coming days.
We are actively engaged in an ongoing investigation of TELUS data appearing on the dark web. At this time, we can confirm that no systems used to support our customers were impacted, and that TELUS Health and TELUS Agriculture & Consumer Goods were not impacted in any way.
Incident resulted from cyber criminals targeting team member login credentials
The incident was the result of the theft of team member passwords and two-factor authentication (2FA) codes, which led to unauthorized access to limited portions of our internal systems.
No unauthorized access to corporate or retail systems
In this incident, our other security controls were successful and the unauthorized access was limited to TELUS team member portals and did not extend to our corporate or retail network where customer systems and data reside.
We are taking this incident very seriously, and we want customers and team members to know that the TELUS Security team is engaged and working hard to investigate.