alt Hacker NewsDepends on what they actually got. Names and email addresses? Considered public and are not so valuable. Universities usually publish those in a directory anyway.
Messages between students and instructors? Likely pretty boring, but possibly embarassing or confidential for a given individual.
Grades? Could be a FERPA violation.
Critical PII such as SSNs? Probably not in the LMS to begin with.
Replies
saghm • yesterday at 6:56 PM
I have trouble imagining that a ransomware group would care about a regulation like FERPA when they've already done something criminal that would more than enough for prosecution if they got caught.
➕ show 2 replies
Mezzie • yesterday at 6:45 PM
I just spoke with a K-12 teacher I know, and she confirmed SSNs in the Canvas instance.
Yikes.
➕ show 3 replies
SSNs have been used as student IDs by particularly stupid educational institutions. The 'nice' thing about getting SSNs from students is the likelihood they'll live for a long time after the breach and thus be subject to identity theft for many years to come.