This story was originally published by EdSource. Sign up for their daily newsletter.
Access to data stolen from education platform Canvas last week has been returned to the platform’s parent company Instructure, according to a statement from the company on Monday.
The hacking group ShinyHunter, which claimed it broke into 275 million individuals’ data and had access to private messages, reached an agreement with Instructure after posting a ransom note to “negotiate a settlement” on the homepages of schools and universities like Harvard, Columbia and Princeton University.
The data included information like usernames, email addresses, course names and enrollment information, whereas course content, submissions and credentials were not exposed, the company stated.
“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” the company said. Instructure said it received digital confirmation of the destruction of stolen data and that Canvas now is available for use.
Students at CSU campuses had regained access to Canvas on Friday, with administrators advising students to “use caution” and download important documents for added security. UC campuses also regained access on Monday, with administrators warning students and staff to “remain vigilant regarding potential phishing attempts or suspicious communications.”
The cyberattack came as students across colleges and universities prepared for or took their final exams.
“Frankly, it’s coming at the worst time possible,” CSU Northridge student Alfonso Vargas told ABC News last week. “It’s during finals week. Teachers are finding out right now. I’m a little worried whether they extend the deadline or not, because I have a term paper due…I hope this can be figured out as soon as possible.”
