The world is still coming to terms with the global EdTech data breach of Instructure’s Canvas data platform.
Firstly, Catalyst IT stand in solidarity with organisations and institutions worldwide who face these challenges, and acknowledge the difficulty of preventing, discovering and responding to a data breach.
What do we know right now?
- None of Catalyst’s systems are included in the breach.
- Users caught up in the breach will become targets and face a higher risk of compromise.
What don’t we know yet?
- The root cause of the Canvas data breach.
- If/how many of your users might be individually affected
- The extent to which the information of affected users connects them to your systems, or with us.
What should you be doing immediately?
- Enforce password reset for your systems and users.
- Notify your users you are enforcing password resets
- If your system is capable, enable MFA
- Rotate security keys on third-party integrations (LTI, APIs, etc)
- Reviewing and applying any critical security patches available.
For more in-depth information, please read:
Why ownership, governance and open source matter for education
What the Canvas breach teaches us about Moodle security.
For Catalyst clients, if you have any further questions or concerns, reach out to your Account Manager in Client Services.
