Data breach halted after affecting multiple Swedish universities
A global hacker attack targeting several Swedish universities has been stopped, according to a report by public broadcaster SVT.
The attack, carried out by the hacker group Shinyhunters, targeted the American company Instructure, which operates the learning platform Canvas. The breach affected thousands of educational institutions worldwide, including over 30 Swedish universities and colleges such as Chalmers, KTH, Luleå University of Technology, Gothenburg University, and Uppsala University.
Canvas is used for study information, submissions, and communication between students and teachers. Personal data, including names, email addresses, and messages, were part of the leak.
The hacker group had threatened to release the stolen data unless an agreement was reached with Instructure by Tuesday. However, the threat has since been removed from the group’s website, and Instructure has confirmed reaching a settlement, according to Swedish newspaper Dagens Nyheter (DN).
Eric Leijonram, Director-General of Sweden’s Integrity Protection Authority (IMY), criticized the company’s reported negotiation with the attackers. He warned that engaging in such negotiations and paying ransoms rarely leads to positive outcomes.
“If you enter into negotiations and pay a ransom to a criminal actor, it rarely leads to anything good,” Leijonram said. He highlighted risks such as exposing vulnerabilities, encouraging further attacks, and the potential for data to be leaked again. He also noted that paying a ransom effectively supports criminal activity.
Leijonram emphasized that the best defense against cyberattacks is robust security measures to prevent breaches in the first place. While Instructure reportedly received confirmation that the hackers had deleted the stolen data, Leijonram stressed that such assurances are unreliable.
“Generally, you don’t have that control. It’s difficult to negotiate with these types of actors, both in terms of paying a ransom and ensuring that the data stops spreading and causing harm,” he said.
SVT attempted to contact Instructure but did not receive a response.