Canvas owner secures student data in deal with hacking group

The US parent company of online learning system Canvas said Monday that it has reached a deal with a hacking group which stole student and school data on the educational platform. 

What's the latest?

Instructure said in a statement posted online that it "reached an agreement with the unauthorized actor involved in this incident."

The company said "the data was returned to us" and "we received digital confirmation of data destruction (shred logs)."

"No Instructure customers will be extorted as a result of this incident, publicly or otherwise," the statement read. "This agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the unauthorized actor."  

Instructure first said it was probing a cybersecurity incident in regards to Canvas on May 1.  

Hacking group ShinyHunters claimed responsibility for the breach in a May 3 post on its website. ShinyHunters said it seized roughly 6.65 terabytes of Canvas data in the hack.

The group said it would release data tied to nearly 9,000 schools worldwide if the educational institutions did not pay a ransom by May 6. ShinyHunters then pushed back the deadline as it said negotiations were underway with some schools. 

ShinyHunters is reportedly made of young adults and teenagers in the US and UK and has earlier been accused of carrying out a hack on online sales platform Ticketmaster.      

Canvas 'fully operational and remains safe to use'     

Instructure CEO Steve Daly apologized for the hack and said Canvas "is fully operational and remains safe to use."

"Over the past few days, many of you dealt with real disruption. Stress on your teams. Missed moments in the classroom. Questions you couldn't get answered. You deserved more consistent communication from us, and we didn't deliver it. I'm sorry for that," Daly said.  

Usernames, email addresses, course names, enrollment info and messages were some of the info compromised in the hack, Daly said. 

Canvas serves as a hub for digital and course materials, a gradebook, and a platform for instructors and students to speak with one another. 

The hack impacted some universities during the final exam period, with students unable to access review materials on the Canvas platform due to the hack. The University of Massachusetts at Dartmouth and the University of Illinois were among those institutions postponing exams because of the breach.  

Edited by: Jenipher Camino Gonzalez