Instructure data breach: Hofstra University, two LI school districts impacted
Hofstra University and two Long Island school districts were affected by a cyberattack on Canvas, an education platform, where an unauthorized user accessed user data including names, email addresses, and student IDs on April 29. The hacker group ShinyHunters claimed responsibility, demanding a ransom with a May 12 deadline and threatening data leaks if unpaid.
A cyberattack on Canvas, an online learning and management system used by 8,000 institutions, compromised data for users at Hofstra University and two Long Island K-12 school districts. The breach, confirmed by Instructure—the platform’s parent company—occurred on April 29, exposing names, email addresses, student ID numbers, and messages, though no passwords, birthdates, government identifiers, or financial data were involved. The attack disrupted Canvas operations, with the platform temporarily down and pages defaced just before final exams and deadlines. Instructure stated the system was restored but maintained that Beta and Test environments remained under maintenance. Hofstra University alerted students to the outage and warned against unsolicited communications, while Nassau BOCES confirmed two unnamed Long Island school districts were also impacted. The hacker group ShinyHunters claimed responsibility, setting a May 12 deadline for a potential ransom payment or risking data leaks. This group previously targeted ADT in April. Instructure responded by revoking credentials, deploying platform-wide protections, rotating internal keys, and restricting access pathways. They also engaged a third-party forensic firm and notified law enforcement to mitigate further threats. The company emphasized ongoing efforts to secure its systems while investigations continue.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.