"Instructure, the parent company of Canvas, said in an online post that it "reached an agreement with the unauthorized actor involved in this incident." The company didn't provide any details on the agreement, including whether it involved a payment, and didn't elaborate who was behind the hack. Instructure temporarily took the system offline while it investigated, locking out students and faculty."
"As part of the deal, the data was returned to Instructure. The company said Monday that it also received "digital confirmation" that the hackers destroyed any remaining copies, in the form of "shred logs." The company acknowledged that there was no way to be sure that the data was erased for good, and said it took action because of concerns about potential publication of the data."
"A hacking group named ShinyHunters claimed responsibility for last week's breach, threatening to leak data involving nearly 9,000 schools worldwide and 275 million individuals if schools did not pay a ransom by May 6. The group then extended the deadline, indicating some schools had engaged with them to negotiate."
"The data breach appeared to involve student ID numbers, email addresses, names and messages on the Canvas platform, Instructure's chief information security officer, Steve Proud, said earlier this month. The company found no evidence that passwords, dates of birth, government identification or financial information were compromised, it said."
Instructure, the parent company of Canvas, reached an agreement with an unauthorized actor involved in a cyberattack. The system was temporarily taken offline during the investigation, which locked out students and faculty. A hacking group, ShinyHunters, claimed responsibility and threatened to leak data from nearly 9,000 schools and about 275 million individuals unless a ransom was paid by May 6, later extending the deadline. As part of the agreement, the data was returned to Instructure. Instructure also received digital confirmation that remaining copies were destroyed, described as shred logs. The company stated there is no complete certainty that data was erased permanently, and it acted due to concerns about potential publication. The breach involved student ID numbers, email addresses, names, and messages, with no evidence of compromised passwords, dates of birth, government identification, or financial information.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]