Five HK institutions among 9,000 in Canvas hacking incident
發佈日期: 2026-05-09 20:23
TVB News
A hacking group has attacked "Canvas", a U.S. education management system for schools and universities and stole data of million of users.
The data breach is estimated to have affected about 9,000 world institutions, including some in Hong Kong. A cybersecurity expert said that companies should be more proactive in protecting their network against hackers.
Canvas is a cloud-based system used by millions of students and teachers across the world to manage assignments, course notes and grades.
On Friday, the Office of the Privacy Commissioner for Personal Data said five Hong Kong education institutions have been affected by the hacking attack, including the Polytechnic University, the University of Science and Technology and the Academy for Performing Arts.
The hacking group ShinyHunters has claimed responsibility for the incident. In a message reportedly said to have been delivered by the group to students, the hackers set a negotiation deadline of May 12th for Instructure, the parent company of Canvas. ShinyHunters said it would leak the stolen data once the deadline is passed.
A cybersecurity expert said that Instructure should respond to hackers to ensure the safety of students and teachers, who are innocence in the incident.
Cybersecurity Analyst ANTHONY LAI: "The affected party is the service provider, so the service provider should think of a way to try to reduce an impact on their customers. Those leaked data can contain a lot of credentials of the students, teachers and university system information or personal information. What do you think if those leaked data is published to worldwide? This is highly impactful on their personal privacy and safety."
Lai said companies with a large pool of customers should be more proactive in defending their network. He suggests they establish a threat intelligence team to gather information on different types of hackers and their potential ways of attack.
