

























An article from
Dive Brief
The ed tech company that operates Canvas said information impacted by the data breach includes messages, names, email addresses and student ID numbers.
Instructure, on its homepage, touts itself the “most-visited education website in the world.” The company operates several ed tech products for K-12 schools, including the widely used Canvas learning management system.
Canvas has over 6 million “concurrent users,” according to Instructure’s website. Instructure did not explicitly say the breach had affected Canvas, but did report it was investigating disruptions to some Canvas tools and putting the learning management system under maintenance around the same time it announced the data breach.
Upon request for comment and further details regarding the cybersecurity incident, Instructure told K-12 Dive in a Tuesday email to check the company’s status page, where it said updates on the breach would be provided as they become available.
In response to the incident, Instructure said on its status page, the company has revoked privileged credentials and access tokens related to the affected systems, deployed patches to increase system security, and heightened monitoring across all of its platforms.
The incident at Instructure marks the latest known data breach for a large ed tech vendor with sweeping implications for districts’ sensitive student and staff data.
Other recent high-profile cyberattacks targeted PowerSchool, a cloud-based K-12 software provider, and Illuminate Education, a student information system provider.
A Monday newsletter post by K12 Security Information eXchange, a K-12 cybersecurity nonprofit, said “small and medium businesses — including the majority of U.S. K-12 education software businesses — are frequent cybersecurity targets.” Some 59% of small and medium-sized enterprises experienced a cyberattack in the past year, according to research K12 SIX cited from Hiscox, an insurance company.
Ed tech companies are increasingly facing heightened accountability over cybersecurity from federal regulators and in the courts. In recent months, for example, the Federal Trade Commission reached a settlement with Illuminate over its 2021 data breach, while PowerSchool announced a $17.25 million settlement in the handling of student data on the Naviance platform.
Although these cases are “likely to shape market behavior,” K12 SIX said, they “won’t do enough in and of themselves to stem the tide.”
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。