Canvas Learning Portal Hacked, Exposing Student Data Worldwide

Severity: High (Score: 66.5)

Sources: Rnz.Co.Nz

Summary

The Canvas learning portal, used by 9,000 institutions globally, was hacked last week, compromising names, email addresses, phone numbers, and messages between students and staff. The breach rendered the system inoperable for two days before it was restored. Experts warn that the system is now more vulnerable to future attacks due to the hackers' access to the code. University of Auckland's Ulrich Speidel expressed concerns about the lack of cybersecurity prioritization among organizations using third-party applications. Instructure, the company behind Canvas, has reportedly reached an agreement with the hackers, recovering the stolen data. Cybersecurity commentator Anthony Grasso emphasized the need for legislative changes to enforce stricter cybersecurity measures. The New Zealand government is considering penalties for data breaches under the Privacy Act, which could hold universities liable for such incidents. Key Points: • The Canvas system was hacked, affecting 9,000 institutions and exposing sensitive student data. • Experts warn of increased vulnerability to future attacks due to the hackers' access to the system's code. • Legislative changes are being considered to enforce stricter cybersecurity measures for organizations.

Key Entities

• Data Breach (attack_type)
• Auckland University Of Technology (company)
• AUT (company)
• Instructure (company)
• University Of Auckland (company)
• Victoria University Of Wellington (company)
• New Zealand (country)
• hackers.as (domain)
• Canvas (tool)