The Biggest Student Data Privacy Disaster in History: Canvas Hack Shows the Danger of Centralized EdTech
Thursday afternoon, millions of students at thousands of universities and K-12 schools were locked out of Canvas, a piece of catch-all education technology software that has become the de facto core of many classes. ShinyHunters, a ransomware group, hacked Canvas’s parent company and apparently stole “billions” of messages and accessed more than 275 million individuals’ data, according to the hacking group. The group also locked students out of Canvas.
Later Thursday, Instructure, which makes Canvas, was able to mostly put Canvas back online; it is not clear if the company paid a ransom or not. The breach demonstrates the danger in centralizing the educational and personal data of millions of students in a single service. Canvas is essentially a portal where teachers post assignments and lectures, have discussion boards, and students can message with each other and their teachers and connect with other pieces of education tech software.
Instructure noted on an incident update page that the stolen data includes “certain personal information of users at affected organizations. That includes names, email addresses, student ID numbers, and messages among Canvas users.” Instructure also noted that it was breached twice—once on April 29 and again on Thursday.
Soon after the hack, I called up Ian Linkletter, a digital librarian specializing in emerging education tech, to talk about the implications of the breach. Linkletter has worked in education tech for 20 years and over the last few years has become known for exposing privacy concerns in Proctorio, a remote test proctoring software that rose to prominence during the early days of the COVID-19 pandemic. Linkletter was sued by Proctorio but eventually the case was dropped.
Key Takeaways
- The Canvas hack is considered the biggest student data privacy disaster in history due to its scale and sensitive nature of what was stolen.
- This incident highlights the dangers of centralizing educational and personal data in a single service like Canvas, which is relied upon for everything from communications to grading.
- Students should have been warned about this breach days earlier, as schools responded only after students were directly notified. This raises concerns about student privacy and safety.
Note: The original article has been modified to fit British English conventions without altering the key facts or figures.
For more details on this story, see this source.
For a deeper dive into the implications of this breach, read this article by Ian Linkletter.
To stay updated on the situation, follow Instructure’s incident update page.
If you have any questions or need further information, please feel free to ask.
Originally published at 404media.co. Curated by AI Maestro.
Stay ahead of AI. Get the most important stories delivered to your inbox — no spam, no noise.