A360
Key Takeaways✦ Atlas AI
01
Schools negotiate with hackers.
02
6.65 TB student data stolen.
03
Canvas platform disrupted.
Atlas AI
Some schools and universities hit by an April cyberattack on the Canvas learning management system have contacted the hacking group ShinyHunters to try to prevent stolen student data from being published, according to a source familiar with the matter.
ShinyHunters said in a May 3 post that it had exfiltrated about 6.65 terabytes of data tied to nearly 9,000 schools worldwide, including student names, email addresses and private messages.
Timeline and disruption
Instructure, Canvas’ parent company, said on May 1 that it was investigating a cybersecurity incident. Student newspapers reported the hack was disrupting students as they prepared for end-of-year tasks and assignments.
On May 5, ShinyHunters posted that Instructure had not responded to its demands and shared a list of roughly 1,400 schools and districts, inviting them to negotiate directly to prevent data from being posted. By May 7, the group had removed the posts and replaced them with a message saying it had no further comment on the incident.
Service interruptions
Instructure said in a May 6 update that the situation was resolved and Canvas was fully operational. However, on May 7, students at multiple schools reported seeing a note from ShinyHunters when attempting to log in. Instructure then took Canvas, Canvas Beta and Canvas Test offline.
Canvas was restored about four hours later, while Canvas Beta and Canvas Test remained in maintenance mode.
The breach occurred on April 25, and Canvas has 30 million active users from kindergarten through college, according to Instructure’s website.
