Data stolen from education platform Canvas is deleted in deal with hackers
AP News • • general
Key Points:
- Instructure, the company behind the Canvas online learning system, reached an agreement with hackers to delete stolen data following a cyberattack that disrupted students, many during finals.
- The hacking group ShinyHunters claimed responsibility and threatened to leak data from nearly 9,000 schools and 275 million individuals unless a ransom was paid, later extending the deadline as some schools negotiated.
- As part of the deal, the hackers returned the stolen data and provided digital proof of its destruction, though Instructure acknowledged it cannot guarantee the data was fully erased.
- The breach involved student ID numbers, email addresses, names, and messages, but no passwords, dates of birth, government IDs, or financial information were compromised.
- The attack caused significant disruption, locking out students and faculty from Canvas, a platform essential for managing grades, course materials, assignments, and exams, prompting Instructure to enhance security and conduct a forensic review.