TL;DR
Instructure paid an undisclosed ransom to ShinyHunters after the hacking group breached Canvas twice, exposing data of 275 million users. The company confirmed data destruction and resumed service, but many questions remain about the ransom amount and future security.
Instructure has paid a ransom to the hacking group ShinyHunters following two breaches of its Canvas learning management system within the past week and a half, resulting in the exposure of data for approximately 275 million users. The company confirmed that the hackers returned the compromised data and claimed to have destroyed it, providing some assurance to its customers amid ongoing security concerns.
According to an update from Instructure published Monday night, the company negotiated a deal with ShinyHunters, a cybercriminal group linked to recent data breaches at prominent universities. The deal was finalized just before the group’s May 12 ransom deadline, although the company did not disclose the ransom amount. Instructure stated it received confirmation of data destruction and that no customers would be extorted further as a result of the incident.
ShinyHunters infiltrated Canvas twice this month, demanding payment to prevent the leak of sensitive data, which included names, email addresses, student IDs, and private messages among users. The group warned that, if the ransom was not paid, they would release the data and cause further disruptions. Despite the initial breach and subsequent service outages, Instructure resumed full operations by May 5, but the hackers struck again later in the week, posting messages threatening to leak data if demands were not met.
Why It Matters
This incident underscores the cybersecurity vulnerabilities of widely used educational technology platforms, especially during critical periods like final exams. The decision to pay the ransom raises questions about incident response strategies and the potential encouragement of cybercriminal activity. For students, faculty, and institutions, the breach highlights the importance of data security and the risks associated with digital reliance in education.
Cybersecurity Geek Computer Science Software Engineer T-Shirt
Computer engineer gifts for men who like gifts for computer geeks and computer security outfits. Cyber security gifts…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Instructure’s Canvas LMS is used by 41 percent of higher education institutions in North America, making it a significant target for cybercriminals. The group ShinyHunters has previously targeted universities such as Penn, Princeton, and Harvard, with breaches involving large-scale data leaks. The current events follow a pattern of escalating ransomware activity aimed at educational institutions and ed-tech providers, emphasizing the growing threat landscape.
“We believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible.”
— Instructure spokesperson
“We focused on fact-finding and went quiet when you needed consistent updates. We will change that moving forward.”
— Steve Daly, CEO of Instructure
“Instructure has not even bothered speaking to us to understand the situation or to even negotiate with us to prevent the release of this data.”
— ShinyHunters
data breach prevention tools for LMS
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It remains unclear how much Instructure paid in ransom, the full scope of data affected beyond what has been publicly disclosed, and whether additional breaches or leaks could occur. The long-term security measures implemented after this incident are also still uncertain.
SANDISK 32GB Cruzer Glide USB 2.0 Flash Drive – SDCZ60-032G-B35
Reliable storage for photos, videos, music and other files
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Instructure is expected to continue forensic analysis, enhance security protocols, and monitor for further threats. The company has promised to provide ongoing updates and may review its incident response strategies to better handle future cyberattacks.
Cybersecurity Educators Handbook: Syllabus for AI And Network Architecture
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
Did Instructure confirm the ransom amount paid?
No, the company did not disclose the exact amount paid in the ransom deal.
Will user data be fully protected after this incident?
While Instructure claims to have secured data destruction and improved security, the effectiveness of these measures remains to be seen, and future vulnerabilities could still exist.
Are students and institutions safe from further leaks?
It is unclear if additional leaks are possible; ongoing monitoring and security enhancements are expected, but the threat landscape remains uncertain.
What actions are universities taking following the breach?
Many institutions postponed exams and are awaiting further updates from Instructure on security and data protection measures.
![Meta enables ADB on deprecated Portal devices [video]](https://bestcadpapers.com/wp-content/uploads/2026/06/meta-enables-adb-on-deprecated-portal-devices-video-featured-560x300.jpg)
