Instructure Strikes Deal for Hackers for Return of Canvas Data
The New York Times • • nation
Key Points:
- Instructure, the maker of Canvas software used by thousands of schools globally, announced a deal with hackers ShinyHunters to return stolen data and destroy any copies after a recent cyberattack.
- The hacking group claimed to have accessed data of over 275 million users at nearly 9,000 schools, including private conversations and personal information, causing Canvas to be shut down temporarily.
- Instructure confirmed it was assured that none of its customers would face extortion following the theft, though the company did not disclose what was exchanged for the data's return.
- The breach involved usernames, email addresses, course details, enrollment information, and messages, impacting more than 30 million active Canvas users worldwide.
- Instructure detected unauthorized activity on April 29 and May 7, took Canvas offline for investigation, and informed multiple law enforcement agencies, but the FBI advises against paying ransoms to hackers.