TL;DR
Instructure, the company behind Canvas, has reportedly reached an agreement with the hackers responsible for two separate breaches. The hackers, ShinyHunters, claimed to have stolen data affecting 275 million users but now say the data has been destroyed. The terms of the deal are undisclosed, raising questions about the company’s cybersecurity response.
Instructure, the maker of the Canvas learning management system, announced on Tuesday that it has “reached an agreement” with the hackers who breached its systems twice, stole sensitive data, and defaced its login pages. The hackers, a group known as ShinyHunters, claimed to have stolen data from nearly 9,000 schools and 275 million individuals, but now state the data has been destroyed as part of the deal. This development raises questions about the company’s handling of the breaches and cybersecurity measures.
According to Instructure, the hackers, ShinyHunters, first breached its systems on April 29, stealing a large volume of student and staff personal data, including names, email addresses, and private messages exchanged between teachers and students. The group later claimed responsibility for a second breach last week, which involved defacing the company’s login pages on school websites as a form of extortion pressure. Instructure confirmed that the hackers provided evidence claiming the stolen data was destroyed, and that the company would not be extorted further. The financial terms of the agreement remain undisclosed, and Instructure has not confirmed whether it paid a ransom.
ShinyHunters, in a post on its leak site, indicated the data was deleted and that the company and its customers would not be targeted again. The hackers also threatened to publish the stolen data if their demands were not met, but the listing was removed from their site, suggesting a ransom may have been paid. A representative from ShinyHunters told TechCrunch, “The data is deleted, gone. The company and its customers will not further be targeted or contacted for payment by us.” Instructure’s spokesperson, Brian Watkins, did not respond to requests for comment or to clarify the terms of the agreement.
Why It Matters
This development is significant because it highlights ongoing cybersecurity vulnerabilities in educational technology providers, which manage sensitive student and staff data. The reported agreement with hackers raises concerns about how such breaches are handled, especially regarding ransom payments and data destruction assurances. It also underscores the potential risks for schools and districts relying on these platforms, as well as the broader issue of cybercriminals targeting educational institutions for profit.
Secure by Design: A Smarter Approach to School District Cybersecurity
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Instructure’s breaches follow a pattern seen in similar incidents, such as the PowerSchool attack earlier this year, which affected 70 million students and staff. Both incidents involved cybercriminal groups demanding ransom and threatening data publication or system disruption. The U.S. FBI issued a warning last week advising victims not to pay ransom demands, emphasizing the difficulty in verifying whether stolen data is truly destroyed. These breaches expose vulnerabilities in cybersecurity practices within the education sector, which often lack robust protections against sophisticated attacks.
“We are still investigating the breach and validating our findings. We have no further comment at this time.”
— Instructure spokesperson Brian Watkins
“The data is deleted, gone. The company and its customers will not further be targeted or contacted for payment by us.”
— ShinyHunters representative
Data Geek Information Analyst Gift Idea Software Data T-Shirt
With the diagram of data analysis and a humorous saying, this data analyst clothing is ideal for showing…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet clear whether Instructure paid a ransom or if the hackers will honor their claim of data destruction. The details of the agreement, including financial terms and security measures, remain undisclosed. Additionally, the effectiveness of the company’s cybersecurity defenses and oversight is still under investigation, and it is uncertain whether similar breaches will occur in the future.
Educational Technology & ICT (Hindi Edition)
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Instructure is expected to continue its investigation into the breaches and may implement additional security measures. Stakeholders, including schools and districts, will be awaiting further disclosures about the company’s cybersecurity practices and any potential impact on data privacy. Law enforcement agencies may also become involved if further malicious activity is suspected or confirmed.
Secure by Design: A Smarter Approach to School District Cybersecurity
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
Did Instructure pay the hackers a ransom?
The company has not disclosed whether a ransom was paid. The hackers claim the data has been destroyed, but the details remain unconfirmed.
What data was stolen in the breaches?
The stolen data reportedly includes students’ names, email addresses, and private messages exchanged between teachers and students, some of which contain sensitive personal information.
Will the data be published or used for further attacks?
It is currently unclear. The hackers claimed to have destroyed the data and stated they would not target the company further, but the situation remains uncertain.
What is Instructure doing to improve security?
The company has not yet provided detailed information on security enhancements following the breaches. Investigations are ongoing.
