Canvas hack: Company pays criminals to delete students' stolen data

The recent cyber-attack on Instructure's Canvas software has significantly disrupted education at approximately 9,000 institutions across the US, Canada, Australia, and the UK. The attack involved the theft of 3.5 terabytes of sensitive student and university data, which the hacker group Shiny Hunters threatened to publish unless a ransom was paid. Instructure opted to pay the ransom to avoid further exposure of personal information, despite warnings from law enforcement that such payments can encourage future attacks and do not guarantee the deletion of stolen data. The incident has raised concerns about the safety of educational technology and the impact of cybercrime on students' academic experiences, particularly during critical exam periods. Students reported confusion and distress as exams were interrupted or postponed due to the breach, illustrating the direct consequences of cyber risks in educational environments. This situation highlights the urgent need for robust cybersecurity measures and ethical considerations surrounding the payment of ransoms in cyber incidents.

Why This Matters

This article is significant as it underscores the vulnerabilities of educational technology to cyber threats. The disruption of academic processes and potential exposure of sensitive student data can have far-reaching consequences for students and institutions alike. Understanding these risks is crucial as reliance on digital platforms continues to grow in education, emphasizing the need for enhanced security measures and ethical policies in responding to cyber threats.