Over 72,000 Hong Kong Students, Staff Affected in Global Canvas Hack

Hong Kong's educational institutions are reeling from a significant data breach impacting the Canvas online learning platform, with over 72,000 students and staff affected. This incident, part of a wider global attack, has compromised sensitive personal information, raising serious concerns about data security within the city's academic sector. The Office of the Privacy Commissioner for Personal Data is actively involved, advising institutions on notification and assistance for those affected.

“

The data breaches are part of a global attack that hit almost 9,000 educational institutions worldwide, involving data from 275 million users, according to the platform’s developer, Instructure.

The scale of the breach is alarming, with seven local institutions, including prominent universities like HKUST, PolyU, and CityU, confirming data compromises. Details such as names, email addresses, and student IDs may have been exposed, creating vulnerabilities for phishing attacks and identity theft. The involvement of the ShinyHunters hacker group, known for ransomware tactics, adds a layer of concern, although the platform's developer, Instructure, asserts that a deal was struck to prevent data leakage.

“

Instructure said it had reached an agreement with the hacker group to prevent a public leak and gave assurances that no personal information had been compromised.

From a Hong Kong perspective, this incident highlights the growing risks associated with digital learning environments and the critical need for robust cybersecurity measures. While international coverage focuses on the global nature of the attack, local reporting emphasizes the direct impact on Hong Kong's students and educators. The authorities' response, including advice from cybersecurity officials and police reports, underscores the seriousness with which this breach is being treated locally. Vigilance against potential follow-up attacks, such as phishing, is paramount as the city navigates the aftermath of this digital assault.

“

The watchdog “has advised the relevant organisations to notify those affected as soon as possible and to provide assistance as appropriate in each case, in order to prevent the breach from escalating,” it said.