Gabriella Mateo | Staff Writer
On May 7, Canvas, the learning management service within Instructure, was victim of a ShinyHunters cyberattack with an attached ransom note, threatening to leak private information unless universities paid a ransom.
ShinyHunters is a prominent cybercrime group linked to hacking Ticketmaster, Grubhub, SoundCloud, Google, AT&T Wireless, Microsoft and several other platforms since its start in 2019.
According to CNN, hackers claimed to have breached 275 million Canvas users’ data and had access to “several billions of private messages”.
FIU released a university-wide email stating that they were “conducting a thorough review to verify the integrity and security of the platform before restoring access for university use”.
Instructure released a statement that ensured that an agreement was reached, involving the return and destruction of stolen data. It is unsure at this time if the parent company paid ShinyHunters’ ransom amount.
The university sent out a follow-up email on May 11 warning students about possible phishing attempts, informing students that hackers may use their Panther ID to seem legitimate.
In this email, FIU emphasized that the university would never ask for students’ passwords for their Canvas accounts.
FIU Public Affairs was not available for further comment outside of its public email releases.
As this was a nationwide issue, the FBI released a statement announcing its awareness of this cyberattack and instructing citizens to “not send payment or respond to their demands”. Additionally, the FBI informed the public that receiving this ransom note does not mean personal data has been compromised.
They asked that those who believe they have been impacted by the attack file a complaint at the Internet Crime Complaint Center.
About Post Author
