Thousands of K-12 schools and universities across the United States have been impacted by a significant cyberattack on Canvas, a widely used learning management system. The hacker group known as ShinyHunters claims to have breached Instructure, the parent company of Canvas, and is threatening to release stolen data unless a ransom is paid by May 12.
Scope of the Attack
The breach has affected numerous educational institutions nationwide, including major universities such as the University of North Carolina at Chapel Hill and the University of Pennsylvania. According to a cybersecurity firm analyst, nearly 9,000 schools worldwide may have been impacted, with billions of private messages and other records potentially accessed.
Data at Risk
Instructure has reported that there is no indication that sensitive information such as passwords, dates of birth, government identifiers, or financial data was involved in the breach. However, the full extent of the data accessed remains under investigation.
Hacker Demands
ShinyHunters is demanding a ransom payment by May 12 to prevent the release of the stolen data. The group has a history of targeting educational institutions and other organizations.
Response from Instructure
Instructure is working with cybersecurity experts and law enforcement to address the breach. The company has advised affected schools to take precautionary measures and is providing updates as the investigation continues.
This incident highlights the ongoing vulnerability of educational technology systems to cyberattacks, emphasizing the need for robust security measures to protect student and staff data.
