said the company that runs the online learning system Canvas Make a deal With hackers to delete the data they stole in a file Cyber attack This created chaos among the students, many of whom were in the middle of final exams.
Instructure, Canvas’ parent company, said in an online post that it had “reached an agreement with the unauthorized representative involved in this matter.” incident“.
The company did not provide any details about the agreement, including whether it included a payment, nor did it explain who was behind the hack. I took the instructions tentatively Order offline During the investigation, students and faculty are locked out.
A hacking group called ShinyHunters claimed responsibility for the hack last week, threatening to leak data involving nearly 9,000 schools worldwide and 275 million individuals if the schools did not pay a ransom by May 6. The group then extended the deadline, suggesting that some schools had teamed up with them to negotiate.
ShinyHunters was also behind a smaller infrastructure hack last year. A lawsuit filed last week in federal court in Utah alleged that Instructure did not do enough to protect the platform used by millions of students and made itself “easy prey for cybercriminals.”
As part of the deal, the data was returned to Instructure. The company said Monday that it had also received “digital confirmation” that the hackers had destroyed any remaining copies, in the form of “shredded records.”
The company acknowledged that there was no way to ensure that the data would be erased forever, and said it took the action due to concerns about the potential for the data to be published.
“While there is never complete certainty when dealing with cybercriminals, we believe it is important to take every step within our control to give customers more peace of mind, to the greatest extent possible,” Instructure said.
Cybersecurity experts doubted that this was the end of the attack. Cynthia Kaiser, former deputy director of the FBI’s Cyber Division, said the reported deal indicated a ransom would likely be paid.
“What victims must understand is that paying does not eliminate the threat,” Kaiser, now senior vice president of the Halcyon Ransomware Research Center, said in a written statement. “Stolen data will be used against customers and users as long as it remains profitable to do so.”
Steve Proud, chief information security officer at Instructure, said earlier this month that the data breach appeared to involve student ID numbers, email addresses, names and messages on the Canvas platform. The company said it found no evidence that passwords, dates of birth, government identification or financial information were compromised.
The company said it was working with “expert vendors” to conduct forensic analysis, “harden” its systems, and conduct a “comprehensive review of the data involved.”
The disruption caused panic last week among students and faculty when they were locked out of a platform they rely on to manage grades and access course notes and assignments.
Schools and universities use Canvas to manage almost all aspects of teaching. The platform serves as a gradebook, a hub for digital lectures and study materials, a discussion board for classroom projects, and a messaging platform between students and teachers.
Some courses also offer tests and exams on the platform, or use it as a portal through which final projects and papers are submitted by the deadline.
___
Heather Hollingsworth contributed to this report.