The Biggest Student Data Privacy Disaster in History
Thursday afternoon, millions of students across thousands of universities and K-12 schools were locked out of Canvas, a comprehensive education technology software that has become the de facto core for many classes. ShinyHunters, a ransomware group, hacked into Canvas’s parent company and reportedly stole “billions” of messages and accessed more than 275 million individuals’ data, according to the hacking group. The group also locked students out of Canvas. Later Thursday, Instructure, which makes Canvas, was able to mostly put Canvas back online; it is not clear if the company paid a ransom or not. The breach highlights the danger in centralizing educational and personal data of millions of students through a single service. Canvas serves as a portal for teachers to post assignments, lectures, have discussion boards, and allows students to message with each other and their teachers and connect with other education tech software.
Key Takeaways
- The hack is the biggest student data privacy disaster in history due to its scale and sensitive nature of what was stolen.
- It underscores the danger in centralizing all educational and personal data in a single service like Canvas.
- Students should have been warned about this breach days ago, according to Ian Linkletter, a digital librarian specializing in emerging education tech.
Instructure noted that the stolen data includes “certain personal information of users at affected organizations,” which includes names, email addresses, student ID numbers, and messages among Canvas users. Instructure also mentioned that this breach occurred twice—once on April 29 and again on Thursday.
Ian Linkletter, a digital librarian with over 20 years in education tech, was sued by Proctorio but eventually the case was dropped. Linkletter believes this is the biggest student data privacy disaster in history because of its scale and sensitive nature, including messages between students and teachers that could be used for phishing attacks.
The hack also raises concerns about institutional response. Students should have been warned days ago rather than only after they received a notification. The longer schools wait to inform students about what is going on, the more stress and potential risk to student privacy and safety are at stake.
Originally published at 404media.co. Curated by AI Maestro.
Stay ahead of AI. Get the most important stories delivered to your inbox — no spam, no noise.