Instructure, the parent company of the Canvas learning platform, announced it has reached an agreement with the unauthorized actor responsible for a recent breach that exposed student information from nearly 9,000 schools. The deal includes the return of the stolen data and digital confirmation that the hackers have destroyed any remaining copies, though the company cautions absolute certainty is impossible. The breach involved student IDs, emails, names and messages, but not passwords or financial data. Instructure is conducting forensic analysis and strengthening security measures.
KELVIN CHANThe company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a Instructure , the parent company of Canvas, said in an online post that it "reached an agreement with the unauthorized actor involved in this incident.
" The company didn't provide any details on the agreement, including whether it involved a payment, and didn't elaborate who was behind the hack. Instructure temporarily took the system offline while it investigated, locking out students and faculty. A hacking group named ShinyHunters claimed responsibility for last week's breach, threatening to leak data involving nearly 9,000 schools worldwide and 275 million individuals if schools did not pay a ransom by May 6.
The group then extended the deadline, indicating some schools had engaged with them to negotiate. As part of the deal, the data was returned to Instructure. The company said Monday that it also received "digital confirmation" that the hackers destroyed any remaining copies, in the form of "shred logs.
" The company acknowledged that there was no way to be sure that the data was erased for good, and said it took action because of concerns about potential publication of the data. "While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible," Instructure said.
The data breach appeared to involve student ID numbers, email addresses, names and messages on the Canvas platform, Instructure's chief information security officer, Steve Proud, said earlier this month. The company found no evidence that passwords, dates of birth, government identification or financial information were compromised, it said. The company said it was working with "expert vendors" to do a forensic analysis, "further harden" its systems, and carry out a "comprehensive review of the data involved.
" The disruption caused panic last week among students and faculty members when they were locked out of a platform they rely on to manage grades and access course notes and assignments. Schools and universities use Canvas to manage nearly all aspects of instruction. The platform acts as a gradebook, a hub for digital lectures and course materials, a discussion board for classroom projects, and a messaging platform between students and instructors.
Some courses also give quizzes and exams on the platform, or use it as a portal where final projects and papers are submitted on deadline.
Canvas Breach Instructure Shinyhunters Data Deletion Deal Student Data
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Instructure CEO apologizes after Canvas cyberattack causes data breachSteve Daly, the CEO of Instructure, apologized after a nationwide cyberattack on Canvas caused a major data breach.He wrote a letter addressing the Instructure
Read more »
Instructure CEO apologizes after Canvas cyberattack causes data breachSteve Daly, the CEO of Instructure, apologized after a nationwide cyberattack on Canvas caused a major data breach.He wrote a letter addressing the Instructure
Read more »
Deal reached with hackers to delete data stolen from the Canvas educational platformInstructure, the company behind the online learning system Canvas, has reached a deal with hackers to delete data stolen in a cyberattack.
Read more »
Deal reached with hackers to delete data stolen from the Canvas educational platformInstructure, the parent company of Canvas, said in an online post that it 'reached an agreement with the unauthorized actor involved in this incident.'
Read more »