Staff AI Engineer

Data exposures surge as threat actors target consumer identity platforms. This week revealed massive exposure of North American consumer data, highlighted by the alleged Infutor breach affecting 676 million records and FBI surveillance systems being compromised. Multiple retail giants including Loblaw and enterprise data processors fell victim to targeted attacks, demonstrating threat actors' shift toward high-value identity brokers and critical infrastructure. LeakTrace Intelligence Team Published March 18, 2026 · LeakTrace Intelligence Team The week of March 13-19, 2026 marks a concerning escalation in threat actor targeting of consumer identity platforms and critical infrastructure. Multiple high-impact incidents emerged, signaling a strategic shift toward data sources that enable large-scale identity theft and financial fraud across North America. Infutor exposure potentially impacts 676 million Americans. The most significant incident involves Infutor, where threat actors claim to have exposed 676,798,866 unique records of American citizens. The allegedly compromised data includes full names, dates of birth, physical addresses, phone numbers, and Social Security numbers for hundreds of millions of American citizens, including deceased individuals. Infutor operates as a consumer identity management provider owned by Verisk, offering data-driven consumer intelligence to brands, marketers, and data platforms. The breach surfaced on underground forums on March 8, 2026, posted by a threat actor known as Spirigatito. While verification is ongoing, the scale represents one of the largest consumer data exposures ever documented. Canadian retail giant Loblaw confirms network breach. Canadian retailer Loblaw disclosed a data breach after threat actors gained access to customer information, with attackers accessing basic customer information such as names, email addresses, and phone numbers. Loblaw is one of Canada's largest food and pharmacy retailers, operating over 2,400 stores across Canada and owning brands such as Shoppers Drug Mart, No Frills, Real Canadian Superstore, and President's Choice. Cybercrime tracker Dark Web Informer alleges that the data breach is much wider in scope than the company has shared, with a hacker allegedly threatening to publicly leak all data if the company does not respond by March 19. FBI surveillance systems compromised by threat actors. The FBI became a victim of a cyber attack that affected its systems used to manage surveillance and wiretap warrants, with the nature and quantity of data compromised currently under investigation. This incident represents a direct compromise of federal law enforcement infrastructure and demonstrates threat actors' growing capability to penetrate highly secured government systems. Additionally, TELUS Digital confirmed it became a victim of a cyber attack orchestrated by the ShinyHunterz ransomware group, with the cyberattack compromising 1 petabyte of data belonging to its BPO customers, source codes, FBI background checks, financial information, voice recordings, and Salesforce data for various companies. What individuals should do. North American individuals should immediately place fraud alerts on their credit reports through all three major credit bureaus, as the combination of Social Security numbers and personal details from these breaches creates significant identity theft risk. Monitor financial accounts and credit reports weekly for unauthorized activity, particularly focusing on new account openings or unfamiliar transactions. Be especially cautious of phishing attempts that may reference recent purchases or account activity, as threat actors will likely use the stolen contact information for targeted social engineering campaigns. What Businesses should do. Organizations must immediately audit their third-party data relationships, particularly with identity verification and consumer intelligence providers. Implement enhanced monitoring for credential stuffing attacks and account takeover attempts, as the volume of exposed personal information enables sophisticated social engineering against employees and customers. Review and strengthen access controls for surveillance and warrant management systems if applicable, following the FBI incident. Consider implementing additional verification steps for high-risk account changes, as traditional identity verification questions may now be compromised for millions of North Americans. Action for Individuals Place fraud alerts on your credit reports immediately through all three bureaus, as the massive exposure of Social Security numbers creates unprecedented identity theft risk. Action for Businesses Audit all third-party data relationships and implement enhanced monitoring for credential stuffing attacks, as the scale of exposed personal information enables sophisticated social engineering campaigns. Related Intelligence

Telus Digital confirms security incident as ShinyHunters claims 1PB data theft. Canadian business process outsourcing provider Telus Digital has confirmed a cybersecurity incident involving unauthorized access to internal systems, after threat actors claimed they stole close to one petabyte of company and customer data during a prolonged breach. The confirmation came through a statement from Telus to BleepingComputer, in which the company said it is currently investigating the scope of the intrusion and determining which customers may have been impacted. According to the company, the breach affected a "limited number of systems," and there is currently no evidence that customer connectivity or core services were disrupted. The breach has been claimed by ShinyHunters, a long-running cybercrime collective responsible for numerous high-profile data theft campaigns. The group has been particularly active in recent months, targeting enterprise SaaS environments such as Salesforce, Google Workspace, and Microsoft 365. Telus Digital is the digital services and outsourcing arm of Canadian telecommunications provider Telus. The company provides customer support operations, content moderation, fraud detection services, and AI data processing to organizations worldwide. ShinyHunters claims 1PB data breach. The attackers told CyberInsider they accessed Telus infrastructure using Google Cloud Platform (GCP) credentials obtained from previously stolen data in the Salesloft Drift breach. That earlier incident exposed Salesforce data from roughly 760 organizations. Support tickets within the stolen datasets reportedly contained credentials, authentication tokens, and other secrets that attackers later used to compromise additional systems across multiple companies. The threat actors say they identified Telus GCP credentials inside the Drift dataset and used them to access internal cloud resources, including a large BigQuery environment storing operational data. After extracting information from the environment, they reportedly ran the security scanning tool TruffleHog against the dataset to locate additional credentials embedded in files and logs. Using those newly discovered secrets, the attackers claim they pivoted into additional Telus systems and expanded their access across multiple internal environments. In total, the group claims it exfiltrated nearly one petabyte of data associated with Telus and companies that rely on its outsourcing services. The exact volume of stolen data has not been independently verified. The attackers said the compromised information spans a wide range of operational datasets related to Telus Digital's BPO services. These allegedly include customer support records, call center operations data, agent performance metrics, AI-driven support tooling, fraud detection systems, and content moderation infrastructure used by client companies. The group also claims to have obtained more sensitive internal material, including: * Source code repositories * Salesforce datasets * Financial records * FBI background check documents * Voice recordings of customer support calls In addition to outsourcing-related data, the breach reportedly affected parts of Telus' telecommunications operations. According to the attackers, the stolen datasets include consumer call records and call metadata tied to the company's fixed-line services. The attackers said they began extorting Telus in February, demanding $65 million in exchange for not releasing the stolen information. According to unnamed sources, the company did not engage with the extortionists. Telus stated that it has implemented additional security measures and engaged external cyber-forensics specialists to assist with the investigation while coordinating with law enforcement authorities. The company said it will notify affected customers as more information becomes available, but as of this writing, it has not published anything on its newsroom or social media channels.

4sysops - The online community for sys and AI ops * michael pietroforte posted an update 1 hours, 44 minutes ago telus digital confirms breach after hacker claims 1 petabyte data theft | bleepingcomputer telus digital has confirmed a significant security breach following claims by threat actors that nearly one petabyte of data was exfiltrated. The incident involves unauthorized access to systems within the company's business process outsourcing division and its consumer telecommunications branch. While business operations remain functional, investigators are currently determining the full extent of the data loss and the specific customers affected. The breach originated from the use of compromised google cloud platform credentials discovered in a previous third-party data leak. Attackers utilized these credentials to access a large bigquery instance and subsequently employed the tool trufflehog to locate additional secrets within the environment. This lateral movement allowed the threat actors to pivot into various internal systems and download extensive datasets over several months. Stolen information reportedly includes customer support records, call metadata, source code, and internal authentication secrets. The exposure of business process outsourcing data is particularly critical for administrators as it may involve integrated tools like salesforce and internal authentication platforms. Organizations utilizing these outsourced services should monitor for secondary compromises and review their cloud credential management policies. Summary by gemini 3 flash preview source: telus digital confirms breach after hacker claims 1 petabyte data theft | bleepingcomputer inventory and PC auditing - hardware and software - windows, linux, vmware, macos download total network inventory now! Ad read 4sysops without ads for free all IT and AI news 0 * join the 4sysops community: free access to it-enhanced AI, no ads, post and comment on news, connect with IT pros! Chat with 4sysops AI about telus digital confirms breach after hacker claims 1 petabyte data theft | bleepingcomputer. Follow 4sysops. (C) 4sysops 2006 - 2026