Canadian company Telus Digital fell victim to a cyberattack, resulting in the theft of nearly 1 petabyte of data—equivalent to 500 billion pages of text. The cybercriminals demanded a ransom of 65 million US dollars.

The scale of the stolen information suggests the use of artificial intelligence by the attackers to analyze and export data. Experts warn that the 'steal first, analyze later' tactic can significantly increase the time to detect a breach and expand the company's liability to customers. The incident demonstrates a new level of threat to major technology providers.

Petabytes of Stolen Data and Ransom Demand

Telus Digital, a major Canadian technology services and outsourcing provider, disclosed information about a cyberattack in which sensitive customer data was stolen in an amount of almost 1 petabyte, equivalent to 1 million gigabytes or 500 billion pages of text. The cybercriminals demanded a ransom of 65 million US dollars for the return or deletion of the stolen information.

This volume of data is one of the largest in the history of cyberattacks on technology companies. For comparison, this amount of information is equivalent to the data warehouse of an average-sized corporation. The incident underscores the vulnerability of even large and experienced cloud service providers to modern cyber threats.

Telus Digital serves many corporate clients worldwide, which means the breach could affect the confidential information of hundreds of organizations. The company has begun notifying affected parties and is cooperating with law enforcement agencies to investigate the incident.

The Role of Artificial Intelligence in Modern Cyberattacks

Cyber threat researchers note that the extreme volume of stolen data may indicate the use of artificial intelligence by attackers. Modern AI systems can process vast amounts of information, allowing cybercriminals to employ a new tactic: first exporting as much data as possible and then analyzing it to identify the most valuable information.

This methodology differs significantly from traditional approaches where attackers pre-determined the target data before stealing it. The use of AI allows criminals to work more efficiently and at scale, increasing the likelihood of discovering valuable information in stolen datasets.

Companies like Alashed IT (it.alashed.kz) and other IT service providers must consider this threat when developing data protection strategies. The implementation of advanced monitoring and anomaly detection systems is necessary, which can identify attempts to mass export data in the early stages of an attack.

Increased Time to Detect Breaches and Legal Consequences

One of the most serious consequences of using AI in cyberattacks is the increased time required to detect a breach. When attackers export data without prior analysis, companies may not notice abnormal activity for an extended period. This extends the window of time during which stolen information remains in the hands of criminals.

A prolonged detection time has serious legal and financial consequences. In many jurisdictions, companies are required to notify affected individuals of a data breach within a specified period. Delays in detection can lead to violations of these requirements and additional fines. Furthermore, a longer period of compromise means a larger volume of potentially compromised information.

For organizations handling sensitive data, this means investing in more advanced intrusion detection systems and network activity monitoring. Regular security audits and penetration testing become critical to identifying vulnerabilities before they can be exploited by attackers.

Global Context and Cybersecurity Trends

The incident with Telus Digital occurs against the backdrop of a growing wave of cyberattacks worldwide. This week, attacks on multiple organizations, including healthcare facilities, government agencies, and educational institutions, were recorded. The University of Mississippi was forced to shut down for nine days due to an attack by the Medusa group, which led to the disconnection of electronic medical records and disruption of medical care.

The international community is stepping up efforts to combat cyber threats. Interpol conducted a coordinated operation in 72 countries, resulting in the shutdown of more than 45,000 malicious IP addresses used for phishing, malware distribution, and ransomware. The operation led to the arrest of 94 cybercriminals.

However, cybercriminals continue to improve their methods. The use of AI to analyze stolen data, the exploitation of zero-day vulnerabilities, and coordinated attacks on critical infrastructure are becoming more common. This requires organizations to continuously update their security systems and improve the cybersecurity preparedness of their staff.

Recommendations for Organizations and Service Providers

In light of the Telus Digital incident, organizations are advised to take several measures to protect their data. First, it is necessary to immediately apply all available security patches to critical systems. This week, critical vulnerabilities were identified in Microsoft SharePoint, Cisco Secure Firewall, and other widely used platforms that are actively exploited by attackers.

Second, organizations should enhance network activity monitoring to detect attempts to mass export data. This includes traffic analysis, monitoring access to data repositories, and implementing machine learning-based anomaly detection systems. IT service providers should provide their clients with detailed reports on network activity and potential threats.

Third, it is necessary to develop and regularly update incident response plans. Organizations should know how to quickly detect a breach, isolate affected systems, and notify stakeholders. Regular training of staff and conducting incident response drills will help minimize damage in the event of an attack. Companies operating in critical sectors should consider partnering with specialized security providers to ensure round-the-clock monitoring and protection.

Что это значит для Казахстана

For Kazakhstan and Central Asian countries, the Telus Digital incident is particularly significant, as many regional companies use services from Canadian and international cloud service providers for data storage. A breach of this scale demonstrates the need for careful vetting of service providers and the implementation of their own data protection systems. Kazakh organizations handling sensitive information should ensure that their IT service providers meet international security standards and have ISO 27001 certifications. Additionally, it is recommended to consider using local solutions for storing critical data. Service providers in the region, such as Alashed IT (it.alashed.kz), offer enhanced security services tailored to the needs of Central Asian organizations. According to the Kazakhstan Agency for Protection and Development of Competition, the number of cyberattacks on Kazakh organizations increased by 34 percent in 2025, highlighting the relevance of the data security issue for the region.

Telus Digital lost 1 petabyte of data (500 billion pages of text) with a ransom demand of 65 million US dollars.

The cyberattack on Telus Digital reflects the evolution of cyber threats in the era of artificial intelligence. The use of AI to analyze stolen data allows criminals to operate at a scale previously impossible and significantly increases the time to detect breaches. Organizations need to urgently review their data protection strategies, implement advanced monitoring systems, and ensure timely application of security patches. The incident underscores the critical importance of collaborating with reliable IT service providers and continuously improving the cybersecurity culture within organizations.

Часто задаваемые вопросы

How much data was stolen from Telus Digital?

Cybercriminals stole almost 1 petabyte of data, equivalent to 1 million gigabytes or 500 billion pages of text. This is one of the largest volumes of data ever stolen in a cyberattack on a technology company. The attackers demanded a ransom of 65 million US dollars.

How is artificial intelligence used in cyberattacks?

Cybercriminals use AI to employ the'steal first, analyze later' tactic, where they export as much data as possible and then analyze it using machine learning systems to identify the most valuable information. This allows criminals to work more efficiently and at scale, increasing the likelihood of discovering valuable data in stolen datasets.

What are the consequences of increased time to detect a breach?

A prolonged detection time leads to violations of notification requirements, additional fines, and an extended window during which stolen information remains in the hands of criminals. It also means a larger volume of potentially compromised information and increased legal and financial risks for the organization.

What security measures are recommended for organizations?

Organizations are advised to immediately apply all available security patches, enhance network activity monitoring to detect attempts to mass export data, implement anomaly detection systems, and develop incident response plans. Regular training of staff and conducting cyber attack response drills are also recommended.

How to choose a reliable IT service provider?

When choosing an IT service provider, check for ISO 27001 certifications, ensure compliance with international security standards, and the presence of round-the-clock monitoring systems. The provider should offer detailed reports on network activity and have experience working with organizations in your industry. It is also recommended to consider using local solutions for storing critical data.

Читайте также

Источники

Источник фото: s-rminform.com