The Edtech world is still coming to terms with the global data breach of Instructure’s Canvas data platform.
Catalyst IT stands in solidarity with organisations and institutions worldwide who face these challenges, and acknowledge the difficulty of preventing, discovering and responding to a data breach.
What we know right now
- None of Catalyst’s systems are included in the breach.
- Users caught up in the breach will become targets and face a higher risk of compromise.
What we don’t know yet
- The root cause of the Canvas data breach.
- If/how many of your users might be individually affected
- The extent to which the information of affected users connects them to your systems, or with us.
What you can do right now
- Enforce password reset for your systems and users.
- Notify your users you are enforcing password resets
- If your system is capable, enable multi-factor authentication (MFA)
- Rotate security keys on third-party integrations (LTI, APIs, etc)
- Review and apply any critical security patches available.
For more in-depth information, please read:
Why ownership, governance and open source matter for education
State of Cyber Security in Higher Education
What the Canvas breach teaches us about Moodle security
For Catalyst clients, if you have any further questions or concerns, reach out to your Account Manager.
