Deal reached with hackers to delete data stolen from the Canvas educational platform

Instructure, the operator of the Canvas online learning platform, announced it struck a deal with hackers responsible for a cyberattack that disrupted student access during finals. The hacking group ShinyHunters claimed responsibility for the breach, threatening to leak data from nearly 9,000 schools and 275 million individuals if a ransom was not paid by May 6. The group later extended the deadline after some schools engaged in negotiations. As part of the agreement, Instructure received the stolen data back and verified through 'shred logs' that the hackers destroyed remaining copies, though the company acknowledged no absolute certainty over the data’s permanent deletion. The breach exposed student IDs, email addresses, names, and messages, but Instructure confirmed no evidence of compromised passwords, birthdates, government IDs, or financial information. The attack forced Canvas offline temporarily, locking out students and faculty who rely on the platform for grades, course materials, and assignments. Some courses use Canvas for exams and final submissions, causing widespread panic among users. Instructure stated it was working with cybersecurity experts to conduct a forensic analysis, strengthen its systems, and review the affected data. The company emphasized the agreement was made to prevent potential data leaks and provide reassurance to its customers. Instructure’s chief information security officer, Steve Proud, had previously confirmed the breach involved sensitive but non-financial data. Despite the resolution, the incident highlights ongoing risks in digital education infrastructure.