Deal reached with hackers to delete data stolen from the Canvas educational platform
WRAL • • general
Key Points:
- Instructure, the company behind the Canvas online learning system, reached an agreement with hackers who stole data in a cyberattack, resulting in the deletion of the pilfered information and its return to the company.
- The hacking group ShinyHunters claimed responsibility, threatening to leak data from nearly 9,000 schools and 275 million individuals unless a ransom was paid; some schools engaged in negotiations, leading to an extended deadline.
- Instructure confirmed receiving "digital confirmation" from hackers that remaining data copies were destroyed, though the company acknowledged there is no absolute certainty of complete data erasure.
- The breach involved student ID numbers, email addresses, names, and messages on Canvas, but no evidence was found of compromised passwords, birthdates, government IDs, or financial information.
- The attack caused significant disruption as students and faculty were locked out of Canvas during finals, impacting access to grades, course materials, assignments, and exams, prompting Instructure to conduct a forensic analysis and strengthen system security.