AseanPlus News

Hong Kong privacy watchdog slams Canvas owner for paying ransom to hackers

Hong Kong’s privacy watchdog has condemned the owner of an education platform for paying a ransom to hackers who stole individuals’ personal data from 9,000 institutions worldwide, arguing that the money should have been spent on strengthening cybersecurity.

Privacy Commissioner for Personal Data Ada Chung Lai-ling on Friday also questioned whether the hackers had truly returned the data stolen from Canvas and urged affected users to stay alert for suspicious calls or messages claiming to be from the platform.

Instructure, the parent company of Canvas, said earlier this week that hackers had stolen personal data from an estimated 9,000 institutions around the world – including seven organisations in Hong Kong involving 72,571 people – before reaching an agreement with the hackers to return the compromised data.

“We condemned its way of handling as it is a hacking incident, which is illegal. Resources should not be given to these hackers, but should be invested in protecting the platform or improving its security. Does paying the ransom actually guarantee the recovery of all data?” Chung told the media.

In a statement posted on its website on Wednesday, Instructure said the hackers had returned all compromised personal data after both sides “reached an agreement”.

The company said it had received digital confirmation of data destruction and was informed that none of its customers would be extorted as a result of the incident.

Chung pointed out that this was the second time the platform had been hacked.

The local organisations affected were the Hong Kong University of Science and Technology, Polytechnic University, City University, the Hong Kong Academy for Performing Arts, the Hong Kong Art School, the Hong Kong Institute of Construction and the government’s subsidiary, Hong Kong Education City.

The privacy commissioner urged affected users to remain vigilant against suspicious calls, messages or emails claiming to be from the platform or its technicians, and to avoid viewing attachments and clicking on links indiscriminately.

“Do not further offer your information [to the platform] and I would suggest changing your login and password, and activating multi-factor authentication,” Chung said.

She said the leaked information consisted of users’ names, email addresses, login IDs and study disciplines, but noted that there was no evidence of actual losses from the leak.

She also urged institutions to comprehensively review the platform’s information system security, delete old information and continually track daily logs to detect any unusual logins. -- SOUTH CHINA MORNING POST 

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
SCMP , Hong Kong , privacy watchdog , education platform , ransom , hackers , cybersecurity , personal data , Canvas , data breach , Instructure

Next In Aseanplus News
Indonesian president recognises 'problems' with free meal scheme
'The Son will rise again' Heung-Min is off to his fourth World Cup after being included in the South Korean squad
FIFA finally seals World Cup broadcast deal in China at just US$60mil
Trump says Xi agrees Iran must open the Strait, but no sign that China will weigh in as it believes war should not have started in the first place
Putin to visit China May 19-20, days after Trump trip
Malaysia to strengthen cooperation with UN-Habitat in three key areas
Johor Pakatan says it expected BN to go solo
Asean News Headlines at 10pm on Saturday (May 16, 2026)
South Korea reports the earliest heat-related death this year on record
At least eight dead, 32 injured in Thailand after freight train hits bus

Trending in AseanPlus

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.