Security Incidents

US lawmakers probe Instructure over Canvas breaches

House representatives demand answers after hackers twice breached the education platform used by millions of students.

Illustration: US lawmakers probe Instructure over Canvas breaches

House representatives demand answers after hackers twice breached the education platform used by millions of students.

Summary

  • US House lawmakers are investigating Instructure following two separate data breaches of Canvas platform
  • Hackers stole student data from the widely-used education technology software
  • Congressional inquiry seeks details on how the breaches occurred and what data was compromised

US House lawmakers are demanding answers from education technology company Instructure following two separate data breaches that compromised student information on its Canvas learning management platform.

The congressional inquiry comes after hackers successfully infiltrated Instructure’s systems twice, accessing data belonging to students who use Canvas, according to TechCrunch.

Canvas is widely used across educational institutions, making it a significant target for cybercriminals seeking to access sensitive student information.

The lawmakers are seeking detailed information about how the breaches occurred and what specific data was stolen during the incidents. The investigation represents growing congressional scrutiny of cybersecurity practices at companies handling sensitive educational data.

Instructure has not yet publicly disclosed the full scope of the breaches or the timeline of events. The company’s response to the congressional inquiry will likely determine next steps in the investigation.

Why It Matters

This incident highlights the regulatory and reputational risks facing organisations that handle educational data. CISOs in the education sector should expect increased scrutiny from lawmakers and regulators following high-profile breaches.

The congressional response demonstrates how data breaches affecting students can trigger government investigations, potentially leading to new compliance requirements and oversight measures for education technology providers.

What To Do Now

  • Monitor developments in the Instructure investigation for potential regulatory changes affecting education technology security requirements
  • Review data security controls if your organisation uses Canvas or similar education platforms
  • Assess incident response procedures for potential congressional or regulatory inquiries following data breaches

Sources

Related Posts