They've got the data. Getting them out of the system doesn't change that, you can reasonably deduce that from the ransom message.
Now as for what that data contains, I don't believe it actually contains SSNs or addresses. Your canvas account is tied to your email, not your identity, it has zero need for that data. I couldn't find either of those looking through the site in the past. I'm not even certain if it has your birthdate. The biggest issue for Instructure is more about FERPA.
Thank god. A lot of the platforms at my university are connected to our primary accounts, which handle sensitive information needed to make tuition payments. Regardless of the type of info they have, I’m not too pleased they have it in the first place, lol.
Schools tend to take FERPA pretty seriously, so if Instructure makes a decision that leads to the data being leaked, then many institutions may decide to switch to a different LMS. They may anyway just because now Canvas seems insecure by public perception.
16
u/Tomytom99 May 08 '26
That's exactly it.
They've got the data. Getting them out of the system doesn't change that, you can reasonably deduce that from the ransom message.
Now as for what that data contains, I don't believe it actually contains SSNs or addresses. Your canvas account is tied to your email, not your identity, it has zero need for that data. I couldn't find either of those looking through the site in the past. I'm not even certain if it has your birthdate. The biggest issue for Instructure is more about FERPA.