Instructure, developer of the Canvas school information portal, announced on Tuesday it has finalized an agreement with hackers responsible for breaching its systems twice, impacting data of 275 million students and staff, and causing disruptions in thousands of schools.
ShinyHunters Takes Credit
The cybercrime group ShinyHunters claimed responsibility for the breach on April 29, stating they accessed personal information of millions through Canvas, used by approximately 9,000 schools for data and coursework management.
Following the initial breach, the hackers struck again last week, defacing Canvas login pages on various school websites to pressure Instructure into meeting their ransom demands.
Agreement and Data Destruction
According to Instructure's announcement on its incident page, the hackers provided evidence that all stolen data was destroyed and assured that Canvas customers would not be subject to extortion.
Although Instructure acknowledged the inherent uncertainty in dealing with cybercriminals, it emphasized that customers should not need to engage with the hackers. The financial terms of the agreement were not disclosed, and spokesperson Brian Watkins declined to comment further.
Removing Threats
With the agreement in place, ShinyHunters removed the data listing from their page, suggesting a ransom payment might have resolved the issue. A representative from ShinyHunters confirmed to TechCrunch that the data was deleted and promised no further targeting of Instructure or its customers.
Security Concerns
The incident draws parallels with a 2024 cyberattack on PowerSchool, another edtech company, which also led to a ransom payment. Despite this, some customers were later extorted by another group possessing the same stolen data.
The FBI, aware of the disruptions, advised victims not to pay or respond to cybercriminals, despite this advice being frequently ignored by victims hoping to secure data retrieval.
The stolen data seen by TechCrunch includes personal student information, and teacher-student communications. Instructure confirmed two separate breaches within a year, involving different systems, and is still investigating the incidents.
The role of Steve Daly, Instructure's CEO, in overseeing cybersecurity remains unclear, and the company has not commented on any potential leadership changes following the breaches.
Source: https://techcrunch.com/2026/05/12/instructure-strikes-deal-with-hackers-who-breached-it-twice/




