Shortly after 4 p.m., Instructure, the parent company of Canvas, was hacked by ShinyHunters, a criminal hacker and extortion group. The Canvas webpage for many schools, including Brown, was placed under ransom along with some student data held on the platform.
According to a ransom note posted on the Canvas website, ShinyHunters stated that universities have until May 12 to “negotiate a settlement.” The note was taken down around 4:43 p.m., and the site now displays a page stating that it is undergoing “scheduled maintenance.”
At 4:41 p.m, Instructure wrote that they “are currently investigating this issue” on their status website.
ShinyHunters — a group known for their breaches of large organizations, including many education software companies — first breached Instructure on May 3, the Daily Pennsylvanian reported.
A May 4 announcement from Canvas@Brown stated that a “data security incident involving Instructure” occurred and that security measures had been taken. The May 4 announcement also stated that passwords, dates of birth and government identifiers, including social security numbers, “were not compromised.” The University has not yet issued a statement on Thursday’s incident.
The University and Instructure did not immediately respond to requests for comment.
This is a developing story. Check back for more updates.
Ian Ritter is a university news and science & research editor, covering graduate schools and students. He is a junior concentrating in chemistry. When he isn’t at The Herald or exploding lab experiments, you can find him playing the clarinet or watching the Mets.
Emily Feil is a university news and metro editor covering staff & student labor and RISD. She is from Long Beach, NY and plans to concentrate in English and international & public affairs. In her free time, she can be found watching bad TV and reading good books.
