Subscribe

Canvas defends paying off hackers who disrupted online university platform

Canvas operator Instructure paid a ransom to hackers after a cyberattack disrupted colleges and universities during finals week and threatened to expose private user data.

Hackers tied to the…

Canvas operator Instructure paid a ransom to hackers after a cyberattack disrupted colleges and universities during finals week and threatened to expose private user data.

Hackers tied to the group ShinyHunters claimed they obtained information connected to roughly 275 million users at more than 8,800 colleges and universities. Instructure did not disclose the amount of money it paid the group, the College Fix reports.

The attack caused widespread problems at schools worldwide last week. Students lost access to coursework, exams and assignments as colleges rushed to respond near the end of the semester.

Some schools postponed exams while others warned students not to log on to the platform.

Instructure defended the decision to negotiate with the hackers.

“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” the company said in a statement.

The company also said the hackers agreed to destroy the stolen data after receiving payment.

Instructure said it “received digital confirmation of data destruction (shred logs)” and assurance “that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.”

The outage showed how heavily many colleges and universities depend on centralized online systems. When Canvas went offline, schools across the United States and other countries immediately faced disruptions.

At Liberty University, a private Christian school in Virginia, administrators acknowledged the outage came at a tough time for students preparing for final exams and projects.

“We understand the impact this disruption is having and want to reassure you that appropriate class extensions will be provided,” the university said in a campus-wide email.

ShinyHunters reportedly shut down the platform last week and demanded payment by May 12. The group threatened to leak personal information tied to millions of accounts if Instructure refused to pay the ransom.

The stolen information involved users connected to thousands of educational institutions.

ShinyHunters has committed many cybercrimes in recent years. The group reportedly uses phishing scams and security weaknesses to hack into online systems and steal data.

Tech reports linked the group to tens of millions of stolen records in previous attacks.

The breach also raised concerns about whether colleges and universities adequately protect student information as they move more coursework, communication and testing online. Many schools now heavily rely on technology systems that can leave students and faculty vulnerable when hackers target them.