Education technology company Instructure over the weekend scrambled to restore services affected by a cyberattack that also resulted in a data breach.
Based in Salt Lake City, Utah, the edtech firm is best known for Canvas, one of the most widely used learning platforms across educational institutions and other organizations.
Disclosed on April 30, the cyberattack was blamed for “disruption to tools relying on API keys” and was largely addressed by Sunday, May 3, when access to the Canvas Data 2 platform was restored.
On May 1, Instructure announced that the incident was perpetrated by cybercriminals and that it had retained outside forensics experts to investigate.
“We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact,” the company said.
The next day, Instructure announced that the attack had been contained and that certain application keys had been reissued, requiring users to reauthorize access to tools.
The edtech firm also revoked privileged credentials and access tokens, deployed fixes to improve security, and implemented additional monitoring.
Instructure also revealed that the attackers gained access to personal information such as names, email addresses, and student ID numbers. User messages were also compromised.
“At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved,” the company said.
Instructure has not shared details on how many institutions and users were affected, nor on the threat actor behind the incident.
On May 3, the infamous ShinyHunters extortion group added Instructure to its Tor-based leak site, claiming the theft of 3.65 terabytes of data.
The threat actor claims the stolen information belongs to 275 million students, teachers, and other individuals at close to 9,000 education institutions worldwide, and that Instructure’s Salesforce instance was also compromised.
SecurityWeek has emailed Instructure for additional information on the attack and will update this article if the company responds.
Related: Sandhills Medical Says Ransomware Breach Affects 170,000
Related: Checkmarx Confirms Data Stolen in Supply Chain Attack
Related: Vimeo Confirms User and Customer Data Breach
Related: Luxury Cosmetics Giant Rituals Discloses Data Breach
