The Shinyhunters hacker group has returned the stolen data of over 275 million Canvas users to Instructure. It is not known whether the ransom demanded was paid.
The hackers had stolen, among other things, usernames, email addresses and messages from Canvas, an educational application used by around 9,000 institutions worldwide. The US-based company Instructure, the creator of Canvas, was given until 12 May to pay the ransom, otherwise the data would be made public.
Apologies
According to Instructure, a deal has now been reached and the stolen data has been deleted. The company reports this on its website. Instructure has also issued an apology and states that Canvas is safe to use again.
It has not been disclosed whether a ransom was paid in exchange for the deletion of the data. However, the hackers have confirmed the deal, reports the NOS.
Seven universities
Dutch educational institutions were also affected by the hack. This involved seven universities and at least two universities of applied sciences that use Canvas. Students use the platform to view their timetables or grades. They can also send messages to classmates and lecturers.
Has the data really been deleted? Instructure warns that there is never complete certainty when negotiating with cybercriminals. The company is conducting further investigations into the hack.
- TU Delft does not use Canvas, but instead relies on the alternative platform Brightspace. TU Delft students who are undertaking a dual degree programme at one of the affected universities (such as Erasmus University) are advised to follow the updates issued by the relevant institution.
HOP, Naomi Bergshoeff
Comments are closed.