The company behind the Canvas online learning platform has announced a resolution with hackers who had stolen data during a cyberattack, which disrupted many students, particularly during their finals.
Instructure, the owner of Canvas, revealed in an online statement that an arrangement had been made with the unauthorized individuals involved in the incident.
Details of this agreement, including any financial aspects or the identity of the hackers, were not disclosed. During the investigation, Instructure took the platform offline, preventing students and faculty from accessing it.
Steve Daly, CEO of Instructure, issued an apology regarding the breach.
“Our communication with you was lacking during this time, and for that, I apologize,” Daly expressed.
The hacking group known as ShinyHunters took responsibility for the attack last week. They threatened to release data from nearly 9,000 educational institutions globally, affecting 275 million people, unless a ransom was paid by May 6. The deadline was later extended as some schools began negotiations with the group.
As part of the deal, the data was returned to Instructure. The company said Monday it also received “digital confirmation” the hackers destroyed any remaining copies, in the form of “shred logs.”
The company acknowledged there was no way to be sure the data was erased for good, and said it took action because of concerns about potential publication of the data.
“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” Instructure said.
The data breach appeared to involve student ID numbers, email addresses, names and messages on the Canvas platform, Instructure’s chief information security officer, Steve Proud, said earlier this month. The company found no evidence that passwords, dates of birth, government identification or financial information were compromised, it said.
The company said it was working with “expert vendors” to do a forensic analysis, “further harden” its systems, and carry out a “comprehensive review of the data involved.”
The disruption caused panic last week among students and faculty members when they were locked out of a platform they rely on to manage grades and access course notes and assignments.
Schools and universities use Canvas to manage nearly all aspects of instruction. The platform acts as a gradebook, a hub for digital lectures and course materials, a discussion board for classroom projects, and a messaging platform between students and instructors.
Some courses also give quizzes and exams on the platform, or use it as a portal where final projects and papers are submitted on deadline.
