TL;DR

Instructure, the company behind Canvas, has reportedly reached an agreement with the hackers responsible for two separate breaches. The hackers, ShinyHunters, claimed to have stolen data affecting 275 million users but now say the data has been destroyed. The terms of the deal are undisclosed, raising questions about the company’s cybersecurity response.

Instructure, the maker of the Canvas learning management system, announced on Tuesday that it has “reached an agreement” with the hackers who breached its systems twice, stole sensitive data, and defaced its login pages. The hackers, a group known as ShinyHunters, claimed to have stolen data from nearly 9,000 schools and 275 million individuals, but now state the data has been destroyed as part of the deal. This development raises questions about the company’s handling of the breaches and cybersecurity measures.

According to Instructure, the hackers, ShinyHunters, first breached its systems on April 29, stealing a large volume of student and staff personal data, including names, email addresses, and private messages exchanged between teachers and students. The group later claimed responsibility for a second breach last week, which involved defacing the company’s login pages on school websites as a form of extortion pressure. Instructure confirmed that the hackers provided evidence claiming the stolen data was destroyed, and that the company would not be extorted further. The financial terms of the agreement remain undisclosed, and Instructure has not confirmed whether it paid a ransom.

ShinyHunters, in a post on its leak site, indicated the data was deleted and that the company and its customers would not be targeted again. The hackers also threatened to publish the stolen data if their demands were not met, but the listing was removed from their site, suggesting a ransom may have been paid. A representative from ShinyHunters told TechCrunch, “The data is deleted, gone. The company and its customers will not further be targeted or contacted for payment by us.” Instructure’s spokesperson, Brian Watkins, did not respond to requests for comment or to clarify the terms of the agreement.

Why It Matters

This development is significant because it highlights ongoing cybersecurity vulnerabilities in educational technology providers, which manage sensitive student and staff data. The reported agreement with hackers raises concerns about how such breaches are handled, especially regarding ransom payments and data destruction assurances. It also underscores the potential risks for schools and districts relying on these platforms, as well as the broader issue of cybercriminals targeting educational institutions for profit.

High School Cybersecurity Fundamentals Workbook: Practice Questions and Answer Guides for Learning Cybersecurity, Networking, Cryptography, Online Safety, and Digital Security

High School Cybersecurity Fundamentals Workbook: Practice Questions and Answer Guides for Learning Cybersecurity, Networking, Cryptography, Online Safety, and Digital Security

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background

Instructure’s breaches follow a pattern seen in similar incidents, such as the PowerSchool attack earlier this year, which affected 70 million students and staff. Both incidents involved cybercriminal groups demanding ransom and threatening data publication or system disruption. The U.S. FBI issued a warning last week advising victims not to pay ransom demands, emphasizing the difficulty in verifying whether stolen data is truly destroyed. These breaches expose vulnerabilities in cybersecurity practices within the education sector, which often lack robust protections against sophisticated attacks.

“We are still investigating the breach and validating our findings. We have no further comment at this time.”

— Instructure spokesperson Brian Watkins

“The data is deleted, gone. The company and its customers will not further be targeted or contacted for payment by us.”

— ShinyHunters representative

SamData 32GB USB Flash Drives 5 Pack 32GB Thumb Drives Memory Stick Jump Drive with LED Light for Storage and Backup (5 Colors: Black Blue Green Red Silver)

SamData 32GB USB Flash Drives 5 Pack 32GB Thumb Drives Memory Stick Jump Drive with LED Light for Storage and Backup (5 Colors: Black Blue Green Red Silver)

[Package Offer]: 5 Pack USB 2.0 Flash Drive 32GB Available in 5 different colors – Black Blue Green…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What Remains Unclear

It is not yet clear whether Instructure paid a ransom or if the hackers will honor their claim of data destruction. The details of the agreement, including financial terms and security measures, remain undisclosed. Additionally, the effectiveness of the company’s cybersecurity defenses and oversight is still under investigation, and it is uncertain whether similar breaches will occur in the future.

Educational Technology & ICT (Hindi Edition)

Educational Technology & ICT (Hindi Edition)

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What’s Next

Instructure is expected to continue its investigation into the breaches and may implement additional security measures. Stakeholders, including schools and districts, will be awaiting further disclosures about the company’s cybersecurity practices and any potential impact on data privacy. Law enforcement agencies may also become involved if further malicious activity is suspected or confirmed.

Secure by Design: A Smarter Approach to School District Cybersecurity

Secure by Design: A Smarter Approach to School District Cybersecurity

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

Did Instructure pay the hackers a ransom?

The company has not disclosed whether a ransom was paid. The hackers claim the data has been destroyed, but the details remain unconfirmed.

What data was stolen in the breaches?

The stolen data reportedly includes students’ names, email addresses, and private messages exchanged between teachers and students, some of which contain sensitive personal information.

Will the data be published or used for further attacks?

It is currently unclear. The hackers claimed to have destroyed the data and stated they would not target the company further, but the situation remains uncertain.

What is Instructure doing to improve security?

The company has not yet provided detailed information on security enhancements following the breaches. Investigations are ongoing.

You May Also Like

AI data centers require 36 times more fiber than designs with standard servers — severe glass shortages push cable lead times out to a full year

AI data centers demand significantly more fiber optic cabling, requiring 36 times the fiber of standard server setups, highlighting supply chain challenges.

Hosting a website on an 8-bit microcontroller

A hobbyist successfully hosted a basic website on an AVR64DD32 microcontroller, demonstrating minimal server capabilities with limited hardware.

How to Build a Faster Home Network for Streaming Gaming and Work

I can help you build a faster home network for streaming, gaming, and work, but you’ll need to follow these essential tips to optimize your setup.

7 Best PC Routers for Prime Day Deals in 2026

Discover the best PC routers on Prime Day 2026, including WiFi 7, wired ports, and setup options. Find the perfect match for your needs today.