"The House Homeland Security Committee is investigating the hacks and data breach as it has jurisdiction over government activities relating to homeland security, the committee's chair, Representative Andrew Garbarino, wrote in a letter to Instructure chief executive Steve Daly. U.S. cybersecurity agency CISA has been called in to help with the incident."
"The committee seeks Daly's testimony to address how hackers repeatedly broke into Instructure's systems, and to disclose the types of data that were taken, Garbarino said in the letter, which cites TechCrunch's reporting. The letter also says lawmakers want to know how the company is responding to the attacks and notifying affected schools, and seek to examine the adequacy of its coordination with CISA."
"Instructure, which makes the popular Canvas school information portal software, has faced criticism for its response to the attacks, especially after it conceded that the hackers abused the same vulnerability to both steal reams of sensitive student data and later deface school login pages."
"Instructure confirmed this week that it "reached an agreement" with the hackers, and claimed the hackers provided evidence that they had deleted the stolen data. A representative for the ShinyHunters hackers told TechCrunch that they would not continue to extort the company or its customers, but declined to say how much the company had paid as ransom."
U.S. House Homeland Security Committee lawmakers are investigating cyberattacks against Instructure, an education software maker whose systems were breached twice. The committee seeks testimony from Instructure’s CEO about how hackers repeatedly accessed the systems, what types of personal data were taken, and how the company is responding and notifying affected schools. The committee also wants to assess the adequacy of Instructure’s coordination with CISA. Instructure’s Canvas software has faced criticism for its response, including acknowledgment that the same vulnerability was abused to steal sensitive student data and later deface school login pages. Instructure said it reached an agreement with the hackers and claimed the stolen data was deleted, while experts warn that paying can fund future attacks and that deletion claims may be unreliable.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]