Canvas owner pays hackers after education platform breached twice
Instructure, the parent company of the Canvas learning management system, succumbed to a ransom demand from hackers who infiltrated its educational platform on two occasions. The firm obtained digital assurance that the compromised data, affecting 275 million individuals, was eliminated, but it admitted there is no guarantee the hackers fulfilled their promise. The breaches were executed by the ShinyHunters group, which accessed the system twice. Instructure engaged in negotiations with the perpetrators to ensure the removal of the stolen information, which contained sensitive details about students and educators. This incident underscores persistent cybersecurity risks within educational technology platforms.
Key facts
- Instructure paid a ransom to hackers who breached Canvas twice
- Stolen data covered 275 million people
- Company received digital confirmation data was destroyed
- Instructure acknowledged no certainty hackers kept their word
- Breaches were carried out by ShinyHunters group
- Data included sensitive information from students and educators
Entities
Institutions
- Instructure
- Canvas
- ShinyHunters
Sources
- Quartz —