Skip to content
Tech News
← Back to articles

Instructure strikes deal with hackers who breached it twice

2026-05-12 | original
read original get Cybersecurity Awareness Kit → more articles
Why This Matters

The breach and subsequent agreement between Instructure and hackers highlight the increasing cybersecurity risks faced by educational technology providers. This incident underscores the importance of robust security measures to protect sensitive student and staff data, as well as the potential costs and complexities of negotiating with cybercriminals. For consumers and the industry, it emphasizes the need for heightened vigilance and proactive cybersecurity strategies in digital education platforms.

Key Takeaways

Instructure, the maker of the popular school information portal Canvas, said on Tuesday it has “reached an agreement” with the hackers who breached its systems twice, stole a huge amount of student and staff data, and disrupted thousands of schools that rely on the company’s software.

ShinyHunters, a financially motivated cybercrime group, took credit for the April 29 data breach, claiming to have stolen student and staff data, including the personal information, of a total 275 million people. The hackers said they had compromised Canvas, which nearly 9,000 schools use to manage their students’ data and coursework.

The hackers last week breached the company for a second time, defacing the Canvas login pages on school websites, as part of efforts to pressure the company into paying their ransom.

Instructure said on its incident page late on Monday that as part of the agreement, the hackers had provided evidence that the stolen data was destroyed, and that Canvas customers would not be extorted.

The company acknowledged that there is “never complete certainty” when negotiating with cybercriminals, but noted that customers should not have to engage with the hackers.

Financial terms of the agreement were not disclosed, and Instructure did not say how much it paid the hackers. Instructure spokesperson Brian Watkins did not respond to a request for comment, or answer questions about the agreement when contacted on Tuesday.

In a post on its leak site, which TechCrunch has seen, ShinyHunters was threatening to publish the stolen data it stole from Instructure if the company did not pay their extortion demand.

As of Tuesday, the listing had been removed from the ShinyHunters’ page, indicating that a ransom may have been paid.

A representative from ShinyHunters told TechCrunch: “The data is deleted, gone. The company and it’s [sic] customers will not further be targeted or contacted for payment by us.”

It’s not clear why Instructure paid the hackers. Governments, including the United States, have long urged victims of cybercrime not to pay ransoms to hackers, as this helps cybercriminals profit from their attacks. Security researchers have argued that victims cannot trust the word of malicious hackers — some cybercriminals have been found holding on to stolen data despite saying they had deleted it so they could continue extorting their victims.

... continue reading

Explore topics: canvas shinyhunters instructure cybercrime data breach
Related:
Xfinity Customer? You May Be Owed Money From a $117.5 Million Data Breach Settlement
Škoda warns of customer data breach after online shop hack
Canvas hack: company pays criminals to delete students' stolen data
Canvas hack: Company pays criminals to delete students' stolen data
Canvas owner reaches ‘agreement’ with hackers to secure stolen data

© 2026 GoKawiil

About | Editorial Policy | Contact