Canvas breach: 'Agreement' made with hackers over stolen data
US-based education tech firm Instructure confirmed an agreement with hackers after a breach exposed data of up to 275 million students across 9,000 institutions, though it did not confirm a ransom payment to ShinyHunters. The company reported two unauthorized access incidents on April 29 and May 7, temporarily shutting down Canvas and Free-For-Teacher accounts before restoring service.
Instructure, the US-based company behind the Canvas learning platform, announced on Tuesday that it had reached an agreement with hackers following a data breach potentially affecting up to 275 million students at around 9,000 institutions worldwide. The company stated it had received confirmation that the stolen data had been returned and destroyed, though it did not confirm whether a ransom was paid to ShinyHunters, the cybercriminal group claiming responsibility. The breach followed two separate unauthorized access incidents detected on April 29 and May 7. Instructure said it immediately revoked access, launched an investigation, and engaged forensic experts after the first incident. The second incident involved changes to student and teacher pages, prompting a temporary shutdown of Canvas for maintenance and security upgrades. The company later confirmed that hackers exploited an issue with support tickets in Free-For-Teacher accounts, leading to the temporary suspension of those accounts. ShinyHunters had set a deadline of May 12 to negotiate payment, threatening to release 3.65 terabytes of data, including names, email addresses, and messages. Instructure assured that no customers would face extortion as a result of the breach. The company continues to collaborate with cybersecurity firm CrowdStrike to strengthen security measures and review the incident. This is the second breach Instructure has faced from ShinyHunters in the past year, following an attack on its Salesforce environment in September 2025. Cybersecurity expert Darren Guccione noted the repeated targeting of Canvas, suggesting potential gaps in post-breach remediation. He also highlighted the high value of educational platforms as targets due to their concentration of sensitive data. Canvas was fully restored and back online by Sunday, with Instructure’s forensic partner confirming no ongoing unauthorized access. The company emphasized that customers should not engage directly with the hackers, as the agreement covers all impacted institutions.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.