Schools negotiate with hackers following Canvas data breach

Schools negotiate with hackers following Canvas data breach

Briefly

"Educational institutions in the United States are attempting to negotiate directly with the hacker group ShinyHunters after the learning platform Canvas was hit by a large-scale cyberattack. According to Reuters and the security website KrebsOnSecurity, some schools have already contacted the attackers to prevent stolen data from being made public."

"ShinyHunters claims to have stolen approximately 6.65 terabytes of data from nearly 9,000 schools and universities worldwide. According to KrebsOnSecurity, this may involve data from approximately 275 million students, teachers, and staff members. The stolen information reportedly consists of names, email addresses, student ID numbers, and private communications within the platform."

"The impact of the incident became apparent last week when students and staff suddenly saw a ransom note from ShinyHunters upon logging into Canvas. The hackers had temporarily replaced the normal login page with a message urging schools to contact them directly for negotiations. According to KrebsOnSecurity, this occurred at an extremely sensitive time. Many schools and universities are currently in the middle of exam weeks and final assignments, meaning disruptions have immediate consequences for classes, deadlines, and exams."

"Instructure subsequently took Canvas, Canvas Beta, and Canvas Test offline temporarily. The regular environment became available again a few hours later, while access to the test and beta environments remains limited for the time being. Instructure says it currently has no indication that passwords, financial data, dates of birth, or official identification numbers have been compromised."