Data stolen in a cyberattack on Canvas, a popular education platform used by over 8,000 institutions, has been returned to its parent company, Instructure, according to a company update.
Canvas has more than 30 million active users globally, with customers including top universities like Columbia, Princeton, Harvard, and Georgetown.
A ransom note from the hacking group ShinyHunters appeared on the homepage of Canvas sites last Thursday, claiming to have “breached” the platform’s parent company.
The group gave impacted schools until May 12 to “negotiate a settlement,” according to a screenshot obtained by the outlet.
The cyberattack disrupted access to Canvas for several critical hours, leaving students and educators scrambling as they prepared for final exams.
ShinyHunters previously claimed to have breached 275 million individuals’ data and had access to “several billions of private messages,” according to a ransom note shared by reporters on May 3.
Data accessed by the hacking group included information like usernames, email addresses, course names, enrollment information, and messages, according to Instructure.
However, course content, submissions, and credentials were not compromised, the company said.
Instructure received digital confirmation of the data’s destruction, called “shred logs,” from the hacking group.
Data Recovery and Customer Support
The company informed customers that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.
The agreement between the hackers and Instructure covers all impacted customers, and individual customers do not need to engage with the unauthorized actor.
While there is never complete certainty when dealing with cyber criminals, Instructure believes it was important to take every step within their control to give customers additional peace of mind, to the extent possible.
Instructure is organizing a webinar with company leadership to detail information about the attack and its efforts to harden the system, expected to take place on May 13 across multiple time zones.
FBI Involvement and System Recovery
The FBI mobilized resources in multiple states to assist victims of the hack, a source familiar with the matter told the outlet.
Canvas was “fully back online and available for use” Friday morning, Instructure said, with universities and school districts reporting their Canvas pages were back up and running.
Some schools had already extended deadlines and changed finals schedules due to the hack, but Canvas is now operational, allowing students to focus on their learning again.
Instructure CEO Steve Daly apologized to customers for the disruption, saying, “Many of you dealt with real disruption. Stress on your teams. Missed moments in the classroom. You deserved more consistent communication from us, and we didn’t deliver it. I’m sorry for that.”
Journalists on the scene contributed to this story, which also involved reporting on the impact of the attack.
The Canvas cyberattack highlights the importance of robust cybersecurity measures in the education sector, particularly for platforms with large user bases like Canvas, which can benefit from an outdoor curriculum to enhance student learning.
