Congress investigates Canvas breach as company pays ransom

The US Congress has launched an investigation into the recent breaches of Instructure's Canvas online platform, summoning CEO Steve Daly to testify about the incidents. The breaches, which occurred within a two-week period, have raised concerns about the platform's security. Instructure has since reached an agreement with the extortion crew ShinyHunters, reportedly paying a ransom to prevent further data leaks. The House Homeland Security Committee has requested a briefing from Daly or a senior representative to discuss the circumstances surrounding the breaches and the measures taken to prevent future incidents¹. The investigation highlights the growing concern about the security of educational technology platforms, which often handle sensitive student data. The fact that Congress is involved underscores the severity of the issue, and practitioners should take note of the potential risks associated with such platforms, as the consequences of a breach can be severe and long-lasting.