Canvas Parent Firm Reaches Deal With Hackers After Major Cyberattack

New Delhi: The debate over digital security in education systems has intensified after the maker of the widely used Canvas platform reached a deal with hackers following a major cyberattack that disrupted thousands of universities and colleges globally, according to multiple reports.

Concerns Raised Over Protection Of Student Data

While concerns are now being raised about the robustness of systems handling sensitive student data, including exam records and answer sheets in cloud storage such as those under the Central Board of Secondary Education (CBSE) ecosystem, the Canvas breach has highlighted the growing vulnerability of large-scale education infrastructure.

Instructure Confirms Agreement With Hackers

US-headquartered Instructure -- which operates Canvas LMS confirmed that it has reached an agreement with the hackers behind April’s cyberattack, which impacted an estimated 9,000 institutions across the United States, Canada, Australia and the United Kingdom.

Breach Disrupted Exams And Institutional Operations

Reports said the breach led to widespread disruption, including interruptions during exams after the Canvas platform went down.

The attackers had claimed to have stolen around 3.5 terabytes of student and institutional data and threatened to publish it online unless a ransom was paid.

Hackers Claim Stolen Data Has Been Deleted

Reports suggest that Instructure said the hackers have claimed to have deleted the stolen data and assured that no customers would be further extorted under the agreement.

While the company has not confirmed any financial transaction, cyber experts note that such agreements are often associated with ransom negotiations conducted through encrypted channels.

Agreement Includes Data Deletion Verification

According to Instructure, the agreement includes confirmation that the data has been returned, digital verification of its deletion and assurances that affected customers will not be targeted further.

Shiny Hunters Group Claimed Responsibility

The breach was discovered on April 29 and claimed by the Shiny Hunters extortion group, which has previously been linked to multiple global cyber incidents.

Notably, Canvas LMS, a learning management system, was impacted by both the data breach and service outage.

Investigation Into User Data Exposure Continues

Instructure said it was investigating a cybersecurity incident involving certain user data, including names, email addresses, student ID numbers and messages exchanged among users.

The company added that there was no evidence that passwords, dates of birth, government identification numbers or financial information were accessed in the breach.

(Except for the headline, this article has not been edited by FPJ's editorial team and is auto-generated from an agency feed.)