Canvas reaches deal with hackers to return data, including Hong Kong users

Education platform Canvas has reached an agreement with hackers to recover all compromised data following a global breach. The incident, which began last Thursday, affected approximately 9,000 institutions worldwide, including 72,571 users in Hong Kong. Instructure, Canvas's parent company, stated that the agreement ensures no customers will be extorted. The company plans to hold a webinar to detail the attack and outline system hardening measures. The agreement includes the return and destruction of any data held by the unauthorized actor, and customers are advised not to engage with the hackers directly.

Instructure, the company behind the Canvas learning platform, has reached an agreement with hackers responsible for a recent cyberattack. The breach disrupted access to the platform for students and faculty, leading to delayed final exams. A hacking group named ShinyHunters claimed responsibility, threatening to leak stolen data from nearly 9,000 schools. As part of the deal, the pilfered data, including student names, email addresses, and ID numbers, was returned to Instructure, with hackers providing digital confirmation of data destruction. While Instructure acknowledges there's no absolute certainty of complete erasure, they took action to mitigate potential data publication and are conducting a forensic analysis to enhance system security.

Instructure, the company behind the Canvas learning management system, has confirmed it paid cybercriminals to prevent the release of stolen student and university data. The hack, which occurred last week, disrupted services at approximately 9,000 institutions across the US, Canada, Australia, and the UK. Hackers had threatened to publish 3.5 terabytes of sensitive information. Instructure stated its primary motivation was to protect student and staff data, reaching an agreement with the attackers who claim to have deleted the data and will not extort individuals. This action contradicts advice from law enforcement agencies, which caution that paying criminals can encourage further attacks and offers no guarantee of data deletion.

The educational platform Canvas, used by millions globally, experienced a major cyberattack claimed by the hacker group ShinyHunters. The group threatened to leak 3.5 terabytes of stolen student data, including personal information and private messages, if ransoms were not paid by May 12. The attack caused widespread disruption for students preparing for exams across countries like the United States, Australia, and the UK. Canvas has since been partially restored for most users, though some institutions are still completing necessary checks before full access is granted. The FBI is aware of the service disruption impacting educational institutions.

A cyberattack on Canvas, a widely used educational platform, disrupted final exams for thousands of US schools and universities on Thursday. The outage prevented students from accessing course materials and submitting assignments, causing widespread panic and forcing some institutions, like the University of Texas at San Antonio, to postpone exams. The hacking group ShinyHunters claimed responsibility for the breach. Educational institutions are implementing workarounds and urging students to be vigilant against phishing attempts. The incident highlights the significant reliance of academia on technology and the vulnerabilities associated with it.

A cyber attack on Thursday disrupted numerous universities and schools across the US and Canada, impacting the academic software Canvas. The hacking group ShinyHunters reportedly claimed responsibility for the incident, which caused widespread chaos and confusion during a critical end-of-year period. Institutions from New York to Vancouver, including Penn State University and the University of British Columbia, reported significant outages and advised students to log out of the platform. While Instructure, the owner of Canvas, stated by late Thursday that the service was available for most users, some universities indicated a resolution might take longer than 24 hours and cancelled exams. The attack forced students to struggle with submitting assignments and led some institutions to temporarily disable their Canvas pages.