EdTech Company Instructure Reports Data Breach Following Hacker Threats
Instructure Discloses Data Breach Following Cyberattack
Instructure, a leading provider of education technology solutions, recently announced a data breach resulting from a sophisticated cyberattack. The breach impacted its popular Canvas platform, affecting numerous educational institutions and organizations globally.
- The breach occurred on April 30 and primarily targeted the Canvas Data 2 platform, causing disruptions to tools reliant on API keys.
- The attack was largely contained by May 3, with access to the Canvas Data 2 platform being fully restored.
The attackers claimed to have stolen 3.65 terabytes of data, which they published on their leak site. This stolen information allegedly belongs to 275 million students, teachers, and other individuals at nearly 9,000 education institutions worldwide.
- Instructure’s Salesforce instance was also compromised during the attack.
- The company has not released further information regarding the number of institutions and users affected by the breach or the identity of the threat actor behind the attack.
Following the breach, Instructure has taken steps to address the issue, including:
- Revoking privileged credentials and access tokens
- Deploying security fixes
- Implementing additional monitoring
- Issuing reissued application keys, requiring users to reauthorize access to tools
The breach has resulted in significant reputational damage and potential regulatory scrutiny for Instructure. It highlights the importance of robust cybersecurity measures in protecting sensitive information and maintaining trust among customers and stakeholders.
This incident serves as a reminder of the ongoing threat landscape and the need for organizations to prioritize cybersecurity preparedness. By investing in robust security measures and staying vigilant against emerging threats, organizations can mitigate the risk of data breaches and protect sensitive information.
About Author
English