Last week, hackers breached online education platform Canvas, holding the data for ransom. On Tuesday, the parent company announced it had made a deal with the hacking group. File Photo by Sascha Steinbach/EPA
May 12 (UPI) — The parent company of Canvas, used by thousands of schools and universities, said it has made a deal with hackers to return the data and delete any copies.
The ShinyHunters hacking group claimed responsibility Thursday for the breach of parent company Instructure. The group said it accessed the data of more than 275 million users at nearly 9,000 schools. The data included private e-mails between students and teachers, along with personally identifying information.
Instructure said in a statement that the stolen data was returned and that it had received confirmation, in the form of shred logs, that the hackers destroyed any duplicate data. The company also said it was told that its customers would not face any further extortion.
“There is no need for individual customers to attempt to engage with the unauthorized actor,” Instructure said.
“While there is never complete certainty when dealing with cybercriminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” Instructure said.
The company didn’t say what it had given the hackers, but it did apologize to users.
“Many of you dealt with real disruption. Stress on your teams. Missed moments in the classroom. Questions you couldn’t get answered. You deserved more consistent communication from us, and we didn’t deliver it. I’m sorry for that,” Instructure said in the statement.
Students and teachers use Canvas for coursework and communications worldwide.
Universities like Columbia, Princeton, Harvard and Georgetown said a ransom note signed by ShinyHunters showed up on the home pages of their schools’ Canvas sites last week.
ShinyHunters’ highest-profile hack was the 2024 breach of Ticketmaster, in which the group claimed it stole the data of more than 500 million users.
