Comment by garciasn

10 hours ago

I’m not certain, but it appears you’re giving Instructure a pass here, as if this is the first time they were hacked. But, it’s the second, by the same group.

As a parent of kids who are impacted by this, I’m not super concerned about the data being held for ransom, but I sure as fuck am concerned about how much it’s going to cost the district to move to another provider.

2 comments

garciasn

Reply
JumpCrisscross  9 hours ago

> I sure as fuck am concerned about how much it’s going to cost the district to move to another provider

Does Canvas have cybersecurity insurance?

MattSteelblade  9 hours ago

Not at all; standard IR procedure is scope -> containment -> eradication -> recovery. There is a fog right now; we don't know all the details. It seems to me that it's just as likely they weren't fully kicked out before or that the initial vulnerability wasn't remediated. You can't recover until the threat actor has been removed.