| ▲ | copperx 6 hours ago | |
I don't understand what's the panic and doomerism about. Any competent IT team has backups and will be up and running as they go back to a state before the breach. This is HN. I'm disappointed that everyone is talking about losing grades and going back to pen and paper. I don't see how that could happen in 2026. And from the hacker's message itself, it's clear they want money in exchange for not releasing private info, not for the data itself. Do we live in a fear based culture? Why the panic? Even if everything was hosted on Instructure's infrastructure, it's all AWS. I'd be VERY surprised if there aren't multiple way to go back to a previous state. Most of the work and delay is to make sure they figure out where the breach occurred. | ||
| ▲ | simonreiff 8 minutes ago | parent | next [-] | |
I'm sure you're right. Across tens (hundreds?) of thousands of institutions worldwide, each one is exercising its well-written incident runbook that not only gets updated regularly but also is rehearsed constantly, just in case something like this happens. After all, what university IT department DOESN'T prepare obsessively for the moment when they need to restore all grades on all assignments for all courses from backup and fall over to the backup system for final exam administration in any required format specified by any professor, in the second week of May, on a non-negotiable schedule? There's absolutely nothing to worry about here. | ||
| ▲ | yread 2 hours ago | parent | prev | next [-] | |
Schools don't have competent IT teams. Here in the Netherlands a data center's power source (not even the machines) burnt down, data center is offline and University of Utrecht, one of the biggest universities here, is closed. Access passes don't work, work from home environment doesn't work, student information system is down, system for grading doesn't work. No failover for any of them (or maybe it was in the same DC?) https://nos.nl/artikel/2613485-storingen-in-hele-land-door-b... | ||
| ▲ | mschuster91 3 hours ago | parent | prev [-] | |
> Any competent IT team has backups Backups can be sabotaged (turned off or schedules manipulated) or compromised (say, by lateral movement). > Even if everything was hosted on Instructure's infrastructure, it's all AWS. AWS Backup isn't foolproof. Get your hands on administrator credentials as an attacker and suddenly the only thing between everything being gone for good and unrecoverable even for AWS is remembering to have put a permanent deletion protection on all resources in AWS Backup. | ||