Cyberattack on Canvas potentially compromises millions of users' personal information

Key Points:

• Canvas, a widely used learning management system in Utah schools, experienced a cyberattack potentially compromising personal information of millions of users, including names, email addresses, student ID numbers, and messages.
• Financial details, dates of birth, social security numbers, and passwords were not affected, lowering the risk of identity fraud according to Utah State Board of Education's Director of Privacy, Katy Challis.
• The hacker group "ShinyHunters" claimed responsibility, alleging data from nearly 9,000 schools and 275 million individuals worldwide was stolen, including billions of private messages.
• Instructure, Canvas's parent company, has resolved the incident and is investigating the breach's scope, with Utah schools required by law to notify parents once more information is available.
• Officials caution that while identity theft risk is low, compromised data could be used for phishing scams, and schools are committed to protecting data and will provide updates to parents soon.