\n<\/p>\n
NUS, SUSS and SIM were on a list of schools that were affected by the breach. CNA has also contacted NTUC Learning Hub and Kaplan to ask if they have been similarly affected by the Canvas breach.<\/p>\n
Canvas has 30 million active users globally between kindergarten and college age, according to Instructure’s website.<\/p>\n
In the United States, the hack affected universities including Harvard and Stanford, and thousands of other institutions, causing widespread disruption as students prepare for end-of-year tasks and assignments.\u00a0<\/p>\n
ShinyHunters said 275 million individuals’ data could be leaked if schools did not pay the ransom by a deadline of May 6. The group then extended the deadline, indicating some schools had engaged with them to negotiate.<\/p>\n
The group has also been tied to other attacks, including one aimed at Live Nation\u2019s Ticketmaster subsidiary.<\/p>\n
According to Instructure, there was no evidence that passwords or financial information were compromised.<\/p>\n
The Cyber Security Agency of Singapore (CSA) said it is monitoring the situation.<\/p>\n
\u201cWe have reached out to affected organisations to offer assistance and provide advice on mitigation measures,\u201d it added.<\/p>\n
Even with Canvas back online, global cybersecurity experts are urging impacted students and educators to stay alert.<\/p>\n
Other bad actors could try to take advantage of the breach’s aftermath through additional phishing attacks. Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, warns that someone impersonating a school district, for example, could send a malicious message prompting users to reset their Canvas password.<\/p>\n
\u201cBe very suspicious of any inbound messages,\u201d Steinhauer said, particularly if urgent action is requested.<\/p>\n
Experts stress that major breaches are an important reminder for consumers to revisit best \u201ccyber hygiene\u201d practices overall.<\/p>\n
The basics include creating hard-to-guess passwords, using multifactor authentication when possible and monitoring online accounts for any suspicious activity.\u00a0<\/p>\n<\/div>\n