Telus, a major communications company in Canada, is investigating a data breach involving the leak of sensitive employee information and source code of the firm’s applications. The breach was uncovered by a security researcher and reported to Telus, who is currently investigating the issue.
What Happened
The breach was uncovered by security researcher, Rajshekhar Rajaharia, who discovered the exposed data online. The exposed data included employee names, titles, phone numbers and email addresses, as well as passwords and source code of the firm’s applications.
Extent of Breach
According to the researcher, the exposed data belonged to hundreds of Telus employees and included sensitive information such as passwords and source code of the company’s applications. The data was hosted on an unsecured Amazon S3 bucket and was not password-protected or encrypted.
Responses
Upon learning of the breach, Telus immediately took action and secured the Amazon S3 bucket. The firm also launched an investigation into the incident and is working with external forensic experts to determine the extent of the breach.
In a statement, Telus said, “We are aware of a security incident involving the unauthorized access of sensitive employee information and source code stored on an unsecured Amazon S3 bucket. We are currently investigating the incident, and have retained external forensic experts to assist in the investigation.”
Recommendations
Telus has advised employees to reset their passwords as an additional security precaution. The firm has also recommended that users enable two-factor authentication on their accounts to further increase their security. Additionally, Telus is providing 24/7 support to employees who may have additional questions or need assistance in resetting their passwords.
Call to Action
Telus is taking all necessary steps to ensure the security of its employees’ data. Share this article to raise awareness of the importance of taking data security seriously.