Canvas Breach Disrupts Schools and Colleges Nationwide
19 hours ago
- #Cybersecurity Breach
- #Data Extortion
- #Education Technology
- Cybercrime group ShinyHunters conducted a data extortion attack on Instructure's Canvas platform, disrupting schools and universities.
- Stolen data includes names, email addresses, student ID numbers, and messages, but excludes passwords and financial data.
- Instructure initially claimed containment, but the platform was later defaced with a ransom note, leading to a shutdown.
- ShinyHunters threatened to leak data from 275 million users across 9,000 institutions if ransoms were not paid.
- The attack coincided with final exams, amplifying its impact on educational institutions.
- Instructure has faced multiple breaches by ShinyHunters over eight months, with prior incidents linked to data leaks.
- ShinyHunters uses voice phishing and social engineering to breach organizations, targeting other high-profile companies.
- The response from educational institutions and regulatory pressures may influence how Instructure handles the breach.