Mastodawn

Instructure, the company that operates Canvas, has confirmed that it addressed the incident directly. Based on the information they have shared, the data involved was returned to Instructure. They also received assurances that the data will not be further shared and confirmation that any copies were deleted. Instructure has stated that no schools or districts will be extorted as a result of this incident.

Show thread

RossMadness 6d ago

@cR0w I'll never understand this logic. "How do you know the morally bankrupt cybercriminals actually got rid of your data?"

"They gave us a receipt."

Yeah...sure...

Show thread

nyanbinary 6d ago

@rossmadness @cR0w but but but... their business relies on being trustworthy! They need to, otherwise the industry suffers! And no one would ever act against their industries interest! All the cybertalkingheads told me!!!

Show thread

RossMadness

@nyanbinary @cR0w I was discussing the Instructure hack with a friend who works for a school district and he stated that almost exactly. I told him that yes, that makes sense if we believe they care about "organization reputation" in the same economic incentive driven context as a regular business. Which I highly doubt. But let's assume they do follow this logic.

What keeps them from selling a copy quietly to another criminal and then THAT criminal actions the data somewhere else without directly saying "Instructure". TAs double dip and keep their "reputation" intact.