Deal reached with hackers to delete data stolen from the Canvas platform
3 hours ago
- #Cybersecurity
- #Education Technology
- #Data Breach
- Instructure, the parent company of Canvas, reached an agreement with hackers (ShinyHunters) to delete data stolen in a cyberattack, including student ID numbers, emails, names, and messages.
- The hackers had threatened to leak data from nearly 9,000 schools and 275 million individuals unless a ransom was paid, but extended the deadline as negotiations occurred.
- As part of the deal, data was returned to Instructure, with 'digital confirmation' via 'shred logs' that copies were destroyed, though the company acknowledged uncertainty about permanent erasure.
- The breach caused chaos for students and faculty during finals, locking them out of Canvas, which is used for grades, course materials, exams, and submissions.
- Instructure found no evidence that passwords, birth dates, government IDs, or financial information were compromised and is working with experts to analyze and secure systems.