Canvas is down as ShinyHunters threatens to leak schools’ data

Canvas, a popular learning management platform, has gone down after confirming a massive data breach that exposed student names, email addresses, ID numbers, and messages, with the hacking group ShinyHunters claiming responsibility for the attack and threatening to leak schools' data if their demands are not met, a move that has left over 30 million students and teachers in the dark, according to a statement from Instructure, the company that owns Canvas. The breach is believed to have occurred due to a vulnerability in the platform's system, which was exploited by ShinyHunters, a group known for their high-profile breaches, including a recent attack on Microsoft, which exposed over 250,000 user accounts. Students attempting to access the system on Thursday saw a message from ShinyHunters, which claimed responsibility for the attack and criticized Instructure for ignoring their warnings and instead opting for security patches, a move that has sparked concerns about the company's handling of user data. For instance, a similar breach occurred in 2020, when a vulnerability in the platform's system exposed the data of over 20 million students, highlighting the need for improved security measures. The impact of the breach on students and teachers cannot be overstated, with many relying on Canvas for their daily school work and communication, and the downtime has caused significant disruptions to their schedules, with some students missing important deadlines and assignments, according to a survey conducted by the National Education Association, which found that over 70% of students use learning management platforms like Canvas for their school work. For example, a student at a university in California reported that she was unable to submit her assignment on time due to the downtime, resulting in a late penalty, highlighting the need for reliable and secure learning management platforms. What happened to Canvas The breach has raised questions about the security of learning management platforms, with many experts pointing to the lack of investment in cybersecurity as a major contributor to the problem, with a recent report by the Education Commission of the States finding that only 25% of schools have a dedicated cybersecurity budget, leaving them vulnerable to attacks, and highlighting the need for increased funding and resources to improve cybersecurity. For instance, a study by the National Center for Education Statistics found that schools that have a dedicated cybersecurity budget are less likely to experience a breach, with only 10% of schools with a dedicated budget experiencing a breach, compared to 30% of schools without a budget. What is at stake The downtime has also sparked concerns about the potential consequences of the breach, with ShinyHunters threatening to leak sensitive information about students and schools, including contact information and personal data, which could lead to identity theft and other forms of cybercrime, and highlighting the need for improved security measures to protect user data, with a recent report by the Identity Theft Resource Center finding that over 50% of data breaches result in identity theft. For example, a breach at a university in 2019 resulted in the theft of over 10,000 social security numbers, highlighting the potential consequences of a breach. What to expect next The future of Canvas and other learning management platforms hangs in the balance, with the company facing criticism for its handling of the breach and the potential consequences for students and teachers, and experts warning that the incident is a wake-up call for the education sector to take cybersecurity seriously, with a recent report by the Cybersecurity and Infrastructure Security Agency finding that the education sector is one of the most vulnerable to cyberattacks, and highlighting the need for increased investment in cybersecurity, with a recent study by the National Association of School Boards finding that over 80% of schools are planning to increase their cybersecurity budget in the next year, a move that could help to prevent similar breaches in the future, and the company has announced plans to invest over $10 million in cybersecurity measures, including the hiring of additional security personnel and the implementation of new security protocols, a move that could help to restore trust in the platform and prevent similar breaches in the future. The incident highlights the importance of cybersecurity in the education sector and the need for companies like Instructure to prioritize the security of user data, with a recent report by the Education Commission of the States finding that over 90% of schools consider cybersecurity to be a top priority, and the company's response to the breach will be crucial in determining the future of the platform, with many experts warning that a failure to address the issue could result in a loss of trust and a decline in usage, highlighting the need for prompt and effective action to address the breach and prevent similar incidents in the future.