SAN DIEGO (CNS) - A proposed class action lawsuit was filed in San Diego federal court this week against the company that developed the Canvas education program recently attacked by hackers.
The lawsuit was filed Tuesday on behalf of a San Diego resident whose personally identifiable information was allegedly exposed in the cyberattack impacting thousands of universities and school systems.
ShinyHunters, the hacking group that claimed responsibility for the attack, said it accessed data from 275 million users from nearly 9,000 educational institutions worldwide.
The Canvas system's developer, Instructure, announced earlier this week that it had reached an agreement with "the unauthorized actor involved in this incident" that included a return of all data, digital confirmation that the accessed data has been destroyed, and an agreement that no Instructure customers would be extorted.
This week's lawsuit faults Instructure for allegedly failing to "implement adequate and reasonable measures to ensure that plaintiff and class member's PII was safeguarded" and says the plaintiff now "has increased anxiety over the loss of privacy and anxiety over the impact of cybercriminals accessing, using, and selling his PII."
The complaint says the plaintiff faces a risk of identity theft and fraud, as the lawsuit alleges it is "likely, given defendant's clientele, that some of his information that has been exposed has already been misused."
The lawsuit seeks damages and a court order requiring proof of the deletion of class members' PII, as well as other measures to strengthen Instructure's security in order to prevent future unauthorized data access.
In its statement announcing its deal with ShinyHunters, Instructure said it would "work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved."
Following an internal investigation, the company said it would "share additional details about the root cause and lessons learned, with the goal of helping the broader education technology community better understand and defend against similar threats."
