Canvas, the widely used educational platform, faced a crippling cyber-attack last week that impacted nearly 9,000 universities and colleges across the US, Canada, Australia, and the UK. The breach disrupted exams and sent shockwaves through the global academic community.
Hackers Threaten to Leak 3.5 Terabytes of Sensitive Data
The attackers seized an enormous trove of data—approximately 3.5 terabytes—containing sensitive student and institutional information. They threatened to publish this stolen data online, risking severe privacy violations and reputational damage for thousands of educational institutions.
Instructure Strikes Controversial Deal with Cybercriminals
In an unprecedented move, Instructure, the developer behind Canvas, confirmed it has negotiated a settlement with the hackers. The cybercriminals agreed to delete the stolen data and pledged not to extort students or universities further. This agreement, though aimed at safeguarding personal information, runs counter to global law enforcement advice.
Risks of Paying Ransoms to Cybercriminals
Security experts and police agencies worldwide strongly discourage paying ransoms, warning it encourages more attacks and offers no guarantee that data will be permanently erased. History shows many criminals accept payments yet retain stolen information for resale or future exploitation.
For instance, after the National Crime Agency infiltrated the notorious LockBit ransomware group, they discovered that even after ransom payments, stolen data remained intact and undeleted.
Instructure’s Commitment to Protecting Educational Data
Instructure emphasized on its official website that its foremost priority remains the protection of students’ and education staff’s personal data. The company’s decision reflects the immense pressure to mitigate damage swiftly amid a rapidly evolving cyber threat landscape.
