A cybercriminal hacking group that stole data from the educational tool Canvas in April has been directly contacting affected schools and universities to negotiate, a source familiar with the matter told Reuters.
The group, ShinyHunters, claimed on May 3 to have stolen roughly 6.65 terabytes of data from nearly 9,000 schools worldwide, including student names, email addresses, and private messages between students, teachers, and staff.
Student newspapers reported widespread disruption as students prepare for end-of-year tasks. On May 5, the group posted a message saying Canvas parent company Instructure had not contacted them, adding that their demand "was not even as high as you might think it is." The post included a list of roughly 1,400 schools and invited them to negotiate directly.
Instructure acknowledged the breach on May 1, saying the compromised data included user names, email addresses, student ID numbers, and messages. On May 6, the company said the situation was resolved and Canvas was fully operational.
On May 7, students at multiple schools reported seeing a note from ShinyHunters when logging into Canvas. Instructure briefly took Canvas offline but restored access after four hours.
ShinyHunters has since removed its posts, declining further comment. Extortion groups often remove claims when a target has paid or is negotiating.
Montgomery County Public Schools in Maryland said they are continuing to restrict Canvas access "until all services have been reviewed and confirmed safe for use."
Canvas has 30 million active users, according to Instructure.