Hong Kong privacy watchdog slams Canvas owner for paying ransom to hackers
Privacy commissioner says Instructure’s payment is a mishandling of crime and firm should invest in boosting cybersecurity instead
Hong Kong’s privacy watchdog has condemned the owner of an education platform for paying a ransom to hackers who stole individuals’ personal data from 9,000 institutions worldwide, arguing that the money should have been spent on strengthening cybersecurity.
Privacy Commissioner for Personal Data Ada Chung Lai-ling on Friday also questioned whether the hackers had truly returned the data stolen from Canvas and urged affected users to stay alert for suspicious calls or messages claiming to be from the platform.
“We condemned its way of handling as it is a hacking incident, which is illegal. Resources should not be given to these hackers, but should be invested in protecting the platform or improving its security. Does paying the ransom actually guarantee the recovery of all data?” Chung told the media.
In a statement posted on its website on Wednesday, Instructure said the hackers had returned all compromised personal data after both sides “reached an agreement”.
The company said it had received digital confirmation of data destruction and was informed that none of its customers would be extorted as a result of the incident.