TL;DR

Instructure, the company behind Canvas, has reportedly reached an agreement with the ShinyHunters cybercrime group following two data breaches and extortion attempts. The hackers claimed to have stolen data of 275 million users but have now indicated the data was destroyed. The terms of the deal remain undisclosed.

Instructure, the maker of the Canvas educational platform, announced it has reached an agreement with the hackers responsible for two separate breaches that compromised its systems and stole sensitive data, including personal information of students and staff. The hackers, identified as the group ShinyHunters, had threatened to publish the stolen data unless paid a ransom, but the company reports the hackers have now confirmed the data was destroyed as part of the settlement.

Instructure disclosed that the first breach occurred in April, when ShinyHunters claimed to have stolen data from nearly 9,000 schools using Canvas, affecting approximately 275 million individuals. The second breach took place last week, during which the hackers defaced Canvas login pages, escalating pressure on the company to pay ransom. Following negotiations, Instructure stated that the hackers provided evidence that the stolen data had been destroyed, and that the company would not be extorted further.

While the financial terms of the agreement have not been made public, a ShinyHunters representative told TechCrunch that the data is deleted and the group will not target Instructure or its customers again. It remains unclear whether Instructure paid the ransom, as the company declined to comment on the specifics. The hackers had previously threatened to release the stolen data, which includes student names, personal emails, and private messages exchanged on the platform.

Why It Matters

This development is significant because it highlights ongoing cybersecurity vulnerabilities in educational technology providers, which manage sensitive student data. The agreement with hackers, if confirmed, raises questions about the effectiveness of current cybersecurity practices and the ethics of paying ransoms. It also underscores the threat posed by cybercriminal groups targeting the education sector, which has become a high-value target for data theft and extortion.

Background

Instructure’s breaches follow a series of high-profile attacks on educational software companies, including PowerSchool’s 2024 breach affecting 70 million students and staff. The FBI has issued warnings advising victims against paying ransom demands, citing the risk that hackers may retain or re-use stolen data even after purported deletion. These incidents reflect a broader trend of increasing cyberattacks targeting schools and educational institutions, which often lack robust cybersecurity measures.

The first breach at Instructure was publicly acknowledged earlier this year, with the second breach occurring last week, intensifying concerns among users and regulators. The company has not disclosed who is responsible for overseeing cybersecurity or whether leadership changes are planned following the incidents.

“We have reached an agreement with the hackers, who have provided evidence that the stolen data was destroyed, and we will not be extorted further.”

— Instructure spokesperson Brian Watkins

“The data is deleted, gone. The company and its customers will not be further targeted or contacted for payment by us.”

— ShinyHunters representative

What Remains Unclear

It remains unclear whether Instructure paid any ransom or what specific legal or financial arrangements were made. The exact terms of the agreement are undisclosed, and the company has not clarified its internal cybersecurity oversight. Additionally, the long-term security implications for Canvas users are still uncertain, as the hackers’ claims about data destruction cannot be independently verified.

What’s Next

Instructure is expected to continue investigating the breaches and may implement additional security measures. Regulatory authorities and cybersecurity experts will likely scrutinize the company’s response and whether paying the hackers sets a precedent. Users and schools should remain vigilant for potential follow-up threats or data re-emergence.

Key Questions

Did Instructure pay the hackers ransom?

It has not been officially confirmed whether Instructure paid a ransom. The company stated that an agreement was reached and hackers confirmed data was destroyed, but did not disclose financial details.

What data was stolen in the breaches?

The stolen data includes students’ names, personal email addresses, and private messages exchanged on the Canvas platform.

Are the breaches still ongoing?

There is no indication that the breaches are ongoing; Instructure reports the incidents are resolved following the agreement with hackers.

Could the data be re-released or re-used?

While hackers claim to have deleted the data, experts caution that stolen data can sometimes be retained or re-used despite claims of destruction.
