Canvas Hack: Company Pays Ransom to Delete Data
In a shocking move, the company behind Canvas has paid hackers to delete stolen student data after a massive cyber-attack. This decision raises questions about the ethics of paying cyber criminals and the safety of student information.
The Canvas Cyber Attack
The recent cyber-attack on Canvas, affecting around 9,000 educational institutions across the US, Canada, Australia, and the UK, has sent shockwaves through the academic community. Instructure, the company behind Canvas, confirmed that it reached an agreement with the hackers to delete the stolen data, which included 3.5 terabytes of sensitive student and university information.
Despite the company's assurance, paying hackers contradicts law enforcement advice and raises concerns about the effectiveness of such actions. Previous incidents have shown that criminals often do not follow through on promises to delete data, leaving victims vulnerable to future extortion attempts.
- Key points about the incident:
- The breach was discovered on April 29 and claimed by the Shiny Hunters group.
- Instructure stated that it received digital confirmation of data destruction.
- The agreement reportedly covers all affected customers, eliminating the need for individual negotiations with hackers.