Global Data Leak Exposes Personal Information of 72,000 Hong Kong Students and Staff via Canvas Platform
A significant data breach involving the online learning platform Canvas has compromised the personal information of over 72,000 students and staff across Hong Kong’s educational institutions. The incident has prompted two local police reports, one from an affected education institution and another from a resident who received a fraudulent message linked to the leak.
Chief Superintendent Raymond Lam Cheuk-ho of the Hong Kong Police’s Cybersecurity and Technology Crime Bureau revealed that the resident encountered a deceptive notification claiming their Canvas system required technical fixes. The message included a phone number, which authorities confirmed belonged to a scammer posing as technical support to exploit victims.
Authorities have warned organizations to assess the security of third-party service providers and supply chain partners, while individuals are advised to remain cautious of phishing attempts stemming from the breach. The incident underscores the growing risks of supply chain vulnerabilities in digital education platforms.
Hong Kong educational institutions TPRM report: https://www.rankiteo.com/company/hong-kong-polytechnic-university
"id": "hon1778624763",
"linkid": "hong-kong-polytechnic-university",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '72,000',
'industry': 'Education',
'location': 'Hong Kong',
'name': 'Hong Kong Educational Institutions '
'(unspecified)',
'size': '72,000+ students and staff',
'type': 'Educational Institutions'}],
'attack_vector': 'Supply Chain Vulnerability',
'customer_advisories': 'Remain cautious of phishing attempts linked to the '
'breach.',
'data_breach': {'number_of_records_exposed': '72,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': 'Personal Information'},
'description': 'A significant data breach involving the online learning '
'platform Canvas has compromised the personal information of '
'over 72,000 students and staff across Hong Kong’s educational '
'institutions. The incident has prompted two local police '
'reports, one from an affected education institution and '
'another from a resident who received a fraudulent message '
'linked to the leak.',
'impact': {'brand_reputation_impact': 'High (Educational Institutions and '
'Platform Provider)',
'data_compromised': 'Personal Information',
'identity_theft_risk': 'High',
'systems_affected': 'Canvas online learning platform'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Growing risks of supply chain vulnerabilities in digital '
'education platforms; need for enhanced third-party '
'security assessments.',
'motivation': 'Financial Gain (Phishing/Scamming)',
'post_incident_analysis': {'root_causes': 'Supply chain vulnerability in the '
'Canvas platform'},
'recommendations': 'Organizations should assess the security of third-party '
'service providers and supply chain partners. Individuals '
'should remain cautious of phishing attempts.',
'references': [{'source': 'Hong Kong Police Cybersecurity and Technology '
'Crime Bureau'}],
'response': {'communication_strategy': 'Public advisories to assess '
'third-party security and caution '
'against phishing',
'law_enforcement_notified': 'Yes (Hong Kong Police)'},
'stakeholder_advisories': 'Assess third-party security and supply chain '
'risks.',
'threat_actor': 'Scammer (posing as technical support)',
'title': 'Global Data Leak Exposes Personal Information of 72,000 Hong Kong '
'Students and Staff via Canvas Platform',
'type': 'Data Breach'}