This was a brutal week for data security. A Canadian telecom giant lost nearly a petabyte of data. America’s largest coffee chain had its HR platform breached. Canada’s biggest retailer forced emergency account logouts. An ambulance service exposed a quarter million patients. And a government contractor’s ransomware incident from December is now triggering class-action lawsuits.

Here’s everything that happened — and what it means for your organization.

🔴 Telus Digital: Nearly 1 Petabyte Stolen by ShinyHunters

Severity: Critical | Confirmed: March 12, 2026

The biggest breach of the week — and potentially one of the largest data thefts in history by sheer volume.

Telus Digital, the business process outsourcing (BPO) arm of Canada’s second-largest telecommunications company, confirmed that threat actors gained “unauthorized access to a limited number of our systems.” That careful language dramatically understates the scope: ShinyHunters, the notorious hacking group, claims to have stolen close to 1 petabyte (1,000 terabytes) of data over several months.

How it happened: ShinyHunters told BleepingComputer they found Google Cloud Platform credentials for Telus buried in data stolen during the earlier Salesloft Drift breach — where threat actors downloaded Salesforce data for 760 companies. They used those credentials to access Telus systems, then used trufflehog (a security tool designed to find secrets in code) to discover additional credentials and pivot deeper.

What was stolen:

  • Customer data from Telus’ BPO operations (they handle support for at least 28 major companies)
  • Call records for Telus’ consumer telecommunications division
  • Source code
  • FBI background checks
  • Financial information
  • Voice recordings of support calls
  • Agent performance ratings
  • AI-powered customer support tool data

The extortion: ShinyHunters reportedly demanded $65 million. Telus refused to negotiate. The stolen data represents not just Telus’ own information, but potentially the customer data of every company that outsources operations through Telus Digital.

Why it matters for CISOs: This is a textbook supply chain breach. If you use any BPO provider for customer support, content moderation, or operational services, your data may be sitting in someone else’s compromised environment. The Salesloft Drift → Telus chain demonstrates how a single credential exposure can cascade through multiple organizations.

🟠 Loblaw: Canada’s Retail Giant Forces Emergency Logouts

Severity: High | Confirmed: March 12-13, 2026

Loblaw Companies Limited — Canada’s largest food retailer, operating over 2,400 stores under brands like Loblaws, No Frills, Shoppers Drug Mart, and T&T Supermarket — disclosed unauthorized access affecting customer information.

The company forced emergency account logouts and password resets across its digital services, including loyalty programs and pharmacy portals. No public extortion claim has been confirmed, but the forced reauthentication signals the company believes credential data may have been compromised.

What makes this concerning: Loblaw’s ecosystem includes not just grocery loyalty data, but Shoppers Drug Mart pharmacy records and the PC Financial services platform. A breach touching any of these systems could expose health information, financial data, and detailed purchasing histories for millions of Canadians.

Defender takeaway: Retail loyalty programs aggregate enormous amounts of personal data. When coupled with pharmacy and financial services, a single breach can expose the complete consumer profile. Monitor for credential stuffing attacks leveraging any leaked Loblaw data.

🟠 Starbucks: HR Platform Breach Exposes Employee Data

Severity: High | Confirmed: March 13, 2026

Starbucks revealed that its HR and workplace platform was attacked, with sensitive employee data extracted. While the company hasn’t disclosed the full scope, TechRadar reports that hundreds of employees are potentially affected.

The attack targeted the company’s HR technology stack rather than its customer-facing systems — a reminder that employee data is often stored in third-party platforms with their own security postures.

What was likely exposed: Based on typical HR platform data, potentially affected information includes Social Security numbers, salary information, tax documents, benefits enrollment data, performance reviews, and personal contact information.

Why this matters: HR platform breaches are particularly damaging because the data is ideal for identity theft and tax fraud. Unlike customer breaches where payment cards can be reissued, compromised SSNs and tax information create long-term identity risk that’s nearly impossible to remediate.

🟡 Bell Ambulance: 237,000 Patients Impacted by Ransomware

Severity: High | Confirmed: March 2026

Bell Ambulance, a Wisconsin-based emergency medical services provider, disclosed that a ransomware attack impacted over 237,000 individuals. The breach exposed the kind of data that’s most sensitive — and most valuable on dark web marketplaces.

Likely exposed data: Patient names, dates of birth, Social Security numbers, medical record numbers, diagnosis and treatment information, health insurance details, and potentially billing information.

The healthcare ransomware crisis continues: Ambulance services and emergency medical providers are particularly vulnerable because they often operate with lean IT budgets, legacy systems, and an operational imperative that makes downtime life-threatening — exactly the conditions ransomware operators exploit to pressure payment.

🟡 OSI Systems: INC Ransom Claims 250GB, Lawsuits Begin

Severity: High | Breach: December 2025 | Notifications: March 11, 2026

OSI Systems, the company behind Rapiscan airport security scanners and medical monitoring equipment, is now facing class-action lawsuits after the INC Ransom group claimed responsibility for a breach last December.

The ransomware group posted about the breach on the dark web on December 30, 2025, claiming 250GB of confidential data including company and client information. OSI completed its review on February 10, 2026 and began mailing breach notification letters on March 11.

The supply chain angle: OSI Systems provides security screening equipment to airports, government agencies, and ports worldwide. Any compromise of their systems or client data could have national security implications beyond typical corporate breaches.

🟡 England Hockey: AiLock Ransomware Listing

Severity: Moderate | Investigating: March 2026

England Hockey, the governing body for the sport in England, confirmed it is investigating after the AiLock ransomware group listed the organization on its leak site. The full scope remains unclear.

Why sports governing bodies matter: While seemingly low-profile, sports organizations handle membership databases, minor athlete information, safeguarding records, and financial data. The UK’s National Cyber Security Centre has repeatedly warned that sports organizations are increasingly targeted due to their combination of valuable data and limited cybersecurity resources.

The Patterns This Week

Three trends emerge from this week’s breach landscape:

1. Supply Chain Cascades Are Accelerating

The Telus breach originated from the Salesloft Drift breach, which originated from compromised Salesforce instances. One breach begetting the next through stolen credentials and exposed secrets is becoming the dominant attack pattern of 2026. Your security is only as strong as your weakest vendor.

2. Canada Is Under Siege

Three of this week’s major breaches — Telus, Loblaw, and Bell Ambulance’s parent operations — hit Canadian organizations. This follows a broader trend of increased targeting of Canadian critical infrastructure and may be connected to geopolitical shifts in the Five Eyes intelligence-sharing alliance.

3. The BPO Risk Is Systemic

Telus Digital handles BPO operations for at least 28 major companies. When a BPO provider is breached, every client is potentially compromised. If you outsource any customer-facing operations, this week should trigger an urgent review of your third-party risk management program.

What Should You Do?

  • Check your Telus exposure. If any of your vendors use Telus Digital for BPO services, assume your data may be compromised and begin monitoring for unauthorized access.
  • Audit HR platform security. The Starbucks breach highlights that employee data in third-party HR systems is a growing target. Review access controls and data minimization practices.
  • Review breach notification timelines. OSI Systems took nearly three months from breach to notification. Ensure your incident response plan includes realistic notification timelines that comply with evolving state and federal requirements.
  • Monitor for credential stuffing. Loblaw’s forced logouts suggest credential data may be in the wild. If your users share passwords across services (and they do), expect credential stuffing attacks leveraging this data.