Cybercrime Wave Hits Telus, Travel Rewards, and Tech Giants

What Happened

In a recent wave of cyberattacks, several major companies have fallen victim to data breaches and hacking incidents. Telus Digital, a Canadian business process outsourcing giant, has confirmed a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company. The breach, carried out by threat actors known as ShinyHunters, exposed a wide range of customer data related to Telus' BPO operations, as well as call records for Telus' consumer telecommunications division.

Meanwhile, researchers have discovered a thriving underground market for travel rewards, with hackers stealing loyalty points and selling them on the black market. The monetization model is straightforward, with hackers gaining control over loyalty accounts, usually through malware or phishing attacks, and then converting the points into flights and hotel stays.

Why It Matters

These breaches and attacks highlight the vulnerabilities in data security and loyalty programs, which can have significant financial and reputational consequences for companies. The Telus Digital breach, in particular, is concerning given the company's role as a BPO provider, handling sensitive customer data for multiple companies.

"The breach of Telus Digital is a wake-up call for companies to review their security measures and ensure that they are doing enough to protect their customers' data," said a cybersecurity expert.

What Experts Say

"It's not surprising to see hackers targeting loyalty programs, as they offer a lucrative opportunity for financial gain," said a researcher who has studied the underground market for travel rewards. "Companies need to be more proactive in protecting their customers' loyalty points and monitoring for suspicious activity."

Key Numbers

• 1 petabyte: The amount of data stolen from Telus Digital
• $1-$3 billion: The estimated annual cost of loyalty fraud
• 88: The number of malicious packages discovered in the PhantomRaven supply-chain campaign
• 126+: The number of packages affected in the first wave of the PhantomRaven campaign

Key Facts

• Who: Telus Digital, ShinyHunters, PhantomRaven
• What: Data breach, hacking incident, supply-chain attack
• When: February 2026 (PhantomRaven), March 2026 (Telus Digital breach)
• Where: Canada (Telus Digital), global (PhantomRaven)
• Impact: Exposure of sensitive customer data, financial loss

What Comes Next

As companies continue to grapple with the fallout from these breaches and attacks, it's clear that cybersecurity needs to be a top priority. "Companies need to be more proactive in protecting their customers' data and monitoring for suspicious activity," said a cybersecurity expert. "This includes implementing robust security measures, such as multi-factor authentication and encryption, and regularly reviewing their security protocols to ensure they are up-to-date."