"Instructure has paid a ransom to a gang of cybercriminals that have twice hacked the company's learning management system, Canvas, over the past week and a half. According to an update published by the education-technology company Monday night, the deal means that the hackers have returned the compromised data of some 275 million users across more than 8,000 institutions."
"The company-whose LMS is used to deliver courses by 41 percent of higher education institutions in North America-said it "received digital confirmation of data destruction (shred logs)" and assurance "that no Instructure customers will be extorted as a result of this incident, publicly or otherwise." It added that the agreement "covers all impacted Instructure customers" and that individual customers have "no need" to engage with ShinyHunters, the extortionist group that has breached and temporarily disabled Canvas twice so far this month."
""While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible," the company wrote. "We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved. We will continue to provide updates as that work progresses.""
"ShinyHunters' infiltration of Canvas caused major service disruptions. The group warned Instructure to pay up if it didn't want all that user data-which included names, email addresses and student ID numbers-leaked. "Several billions of private messages among students and teachers"
Instructure paid a ransom to cybercriminals after Canvas was hacked twice within about a week and a half. The agreement resulted in the return of compromised data for roughly 275 million users across more than 8,000 institutions. Instructure said it received digital confirmation of data destruction through shred logs and assurance that no Instructure customers would be extorted. The company stated the agreement covers all impacted customers and that individual customers do not need to engage with ShinyHunters. Instructure also said it will continue forensic analysis, further harden its environment, and conduct a comprehensive review of the involved data while providing updates.
Read at Inside Higher Ed | Higher Education News, Events and Jobs
Unable to calculate read time
Collection
[
|
...
]