DES MOINES, Iowa — Iowa State University, the University of Iowa, and DMPS have confirmed they are among the thousands impacted by a cyberattack involving Canvas, a grading and assignment platform.
The breach was first reported by TechCrunch on Tuesday, stating hackers had stolen students’ private information and that a member of the group shared a sample of the data they’d allegedly accessed. Instructure, the parent company of Canvas, responded to these claims, saying they quickly contained and remediated the issue shortly after becoming aware of it.
Canvas is an assignment and grade tracking site used across schools and universities nationwide. ShinyHunters, a well-known hacking group that claims to be behind the 2024 Ticketmaster breach, has reportedly sent extortionate messages to Canvas users.
The message that has been seen and shared by students across the country, including Iowa and Iowa State students, reads: “ShinyHunters: rooting your systems since ’19 😉 ShinyHunters have breach Instructure (again). Instead of contacting us to resolve it they ignored us and did some “security patches.” WARNING: If any of the schools affected in the list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement.”…