Explore

Rapid Read Rapid Read
Instructure Faces Ransom Threat Over Data Leak Impacting 8,800 School Systems

Instructure Faces Ransom Threat Over Data Leak Impacting 8,800 School Systems

Attackers associated with a group known as The Com have issued a ransom demand to Instructure, the company responsible for the Canvas learning management system. The threat involves the potential release of sensitive data from over 8,800 school systems unless the ransom is paid. The deadline for Instructure to respond is approaching, raising significant concerns about the potential impact on educational institutions nationwide. This situation highlights the vulnerabilities within the educational sector, which often lacks the cybersecurity resources available to larger corporations. The reliance on digital platforms for educational and administrative purposes means that a data breach could severely compromise student privacy and disrupt educational operations.
Rapid Read Rapid Read
Instructure Reaches Agreement with Hackers Following Data Breach

Instructure Reaches Agreement with Hackers Following Data Breach

Instructure, the company behind the Canvas learning platform, has announced an agreement with the hacker group ShinyHunters, which attacked its systems twice. The initial attack occurred on April 29, during which the hackers claimed to have stolen personal data of approximately 275 million students and staff. The group later attacked again, defacing login pages on school websites to pressure Instructure. The company has stated that the hackers provided evidence of deleting the stolen data and assured that customers would no longer face blackmail. However, Instructure did not disclose the financial terms of the agreement or confirm if any payment was made. The U.S. government and security experts generally advise against paying cybercriminals, as it may encourage further criminal activities.
Rapid Read Rapid Read
Instructure Reaches Agreement with Hackers to Secure Data from Thousands of Schools

Instructure Reaches Agreement with Hackers to Secure Data from Thousands of Schools

Instructure, the company behind the education platform Canvas, has reached an agreement with a hacking group that infiltrated its systems, stealing data from nearly 9,000 schools. The hackers threatened to release the data unless a ransom was paid by a specified deadline. Instructure has not disclosed whether a ransom was paid but confirmed that the deal includes the return of stolen data and assurances that no further extortion will occur. The breach affected millions of students, teachers, and staff, disrupting educational activities during a critical period of final exams. The hackers exploited free accounts offered to teachers to gain access to the system, prompting Instructure to disable these accounts temporarily.
Rapid Read Rapid Read
Instructure Reaches Agreement with Hackers Following Data Breaches Affecting Schools

Instructure Reaches Agreement with Hackers Following Data Breaches Affecting Schools

Instructure, the company behind the Canvas educational platform, has reached an agreement with hackers who breached its systems twice, compromising data from millions of students and staff. The cybercrime group ShinyHunters claimed responsibility for the breaches, which affected nearly 9,000 schools. The hackers initially stole personal information of 275 million individuals and later defaced Canvas login pages to pressure Instructure into paying a ransom. Instructure announced that the hackers have provided evidence of data destruction and assured that Canvas customers will not face extortion. However, the financial terms of the agreement remain undisclosed. The FBI has advised against paying ransoms, as it encourages further cybercriminal activity.
Reuters Reuters
Canvas' parent company reaches agreement with hacking group behind recent breach

Canvas' parent company reaches agreement with hacking group behind recent breach

By AJ Vicens May 12 (Reuters) - The hacking group that targeted the Canvas educational tool and the parent company that owns the software struck a deal to secure stolen student and school data, the company said in a statement late Monday.
Rapid Read Rapid Read
ShinyHunters Targets Education Sector with Canvas Extortion Campaign

ShinyHunters Targets Education Sector with Canvas Extortion Campaign

The ShinyHunters ransomware group has launched an extortion campaign targeting the education sector following a breach of Instructure, the company behind the Canvas Learning Management System. The breach, which occurred on April 25, resulted in the theft of approximately 275 million records from 8,809 educational institutions. ShinyHunters exploited a vulnerability in the Free-For-Teacher version of Canvas, exfiltrating over 3.65 TB of data. The group initially demanded a ransom by May 8, threatening to leak the data if not paid. After the deadline passed, they intensified their efforts with a school-by-school extortion campaign, defacing around 330 institutional Canvas login pages with ransom demands. Instructure has not engaged with the group but has implemented security patches.
Rapid Read Rapid Read
Instructure Confirms Canvas Security Breach, Impacting Educational Institutions

Instructure Confirms Canvas Security Breach, Impacting Educational Institutions

Instructure, the developer of the Canvas learning management system, has confirmed a security breach that allowed hackers to exploit vulnerabilities and deface login portals. The breach involved cross-site scripting (XSS) vulnerabilities, enabling attackers to gain authenticated admin sessions. This incident followed an initial breach where hackers stole over 3.6 terabytes of data. The attackers, identified as ShinyHunters, used the same vulnerability to pressure Instructure into paying a ransom by defacing portals with extortion messages. The breach affected the Free-for-Teacher environment, a limited version of Canvas used by individual educators. Instructure has since taken steps to revoke unauthorized access, engage forensic experts, and apply additional safeguards.
Trendline Trendline
Instructure Reaches Agreement with Hackers Following Data Breach Impacting Millions

Instructure Reaches Agreement with Hackers Following Data Breach Impacting Millions

Instructure Reaches Agreement with Hackers Following Data Breach Impacting Millions
Rapid Read Rapid Read
ShinyHunters Launches Ransom Campaign Against Educational Institutions

ShinyHunters Launches Ransom Campaign Against Educational Institutions

The ShinyHunters ransomware group has intensified its extortion campaign against educational institutions following a data breach at Instructure, the company behind the Canvas Learning Management System. The breach, which occurred on April 25, resulted in the theft of approximately 275 million records from 8,809 institutions. ShinyHunters exploited a vulnerability in the Free-For-Teacher version of Canvas, exfiltrating over 3.65 TB of data. The group initially demanded a ransom by May 8, threatening to leak the data if not paid. With the deadline passed, they have begun targeting individual schools with extortion demands, threatening to release data by May 12 if settlements are not reached.
Rapid Read Rapid Read
Canvas' Parent Company Reaches Agreement with Hacking Group to Secure Stolen Data

Canvas' Parent Company Reaches Agreement with Hacking Group to Secure Stolen Data

The parent company of the Canvas educational tool, Instructure, has reached an agreement with the hacking group ShinyHunters, which was responsible for a data breach involving student and school data. The agreement ensures that all stolen data has been returned and digitally confirmed as destroyed. Instructure has stated that no customers will be extorted as a result of this incident. The breach had affected nearly 9,000 schools, with data including student names, email addresses, and messages. The hacking group has confirmed that the data is deleted and that they will not contact the company or its customers for payment. The decision to pay or not in such situations is complex, as noted by ransomware negotiator Kurtis Minder, who suggested that some payment might have been involved.
Rapid Read Rapid Read
Instructure Reaches Agreement with Hackers to Secure Stolen Data from Canvas Platform

Instructure Reaches Agreement with Hackers to Secure Stolen Data from Canvas Platform

Instructure, the company behind the Canvas educational platform, has reached an agreement with the hacking group ShinyHunters, which had breached its systems and stolen data. The hackers threatened to release the data publicly unless a ransom was paid by a specified deadline. The breach affected nearly 9,000 schools and 275 million individuals, including students, teachers, and staff, disrupting educational activities during a critical period of finals. Instructure has not disclosed whether a ransom was paid but confirmed that the stolen data was returned and destroyed. The company has taken steps to prevent future breaches by disabling the type of accounts exploited by the hackers.
Reuters Reuters
Developer of education tool Canvas issues apology after hack

Developer of education tool Canvas issues apology after hack

By Kanishka Singh WASHINGTON, May 11 (Reuters) - The developer of Canvas, widely used by U.S. institutions for grades and class materials, issued an apology after a hack that ​blocked students from accessing the education tool and involved student data being stolen by a cybercriminal hacking group.