Hong Kong’s privacy watchdog has condemned the owner of an education platform for paying a ransom to hackers who stole individuals’ personal data across 9,000 institutions worldwide, arguing that the money should have been spent on strengthening cybersecurity.
Privacy Commissioner for Personal Data Ada Chung Lai-ling on Friday also questioned whether the hackers had truly returned the data stolen from Canvas and urged affected users to remain alert to suspicious calls or messages claiming to be from the platform.
“We condemned its way of handling as it is a hacking incident, which is illegal. Resources should not be given to these hackers but to invest in protecting the platform or improving its security. Does paying the ransom actually guarantee the recovery of all data?” Chung told media.
In a statement posted on its website on Wednesday, Instructure said the hacker had returned all personal data compromised after both sides “reached an agreement”. The company said it had received digital confirmation of data destruction and was informed that none of its customers would be extorted as a result of the incident.
Chung pointed out that this was the second time the platform had been hacked.
