TL;DR

Instructure has reportedly reached an agreement with the hackers responsible for two breaches of its systems, including a significant data theft affecting millions of students and staff. The company has not disclosed whether it paid a ransom, but claims the hackers provided evidence of data destruction.

Instructure, the maker of the Canvas learning management system, announced on Tuesday that it has reached an agreement with the hackers responsible for two separate breaches of its systems, including a major data theft affecting approximately 275 million individuals. The hackers, identified as the group ShinyHunters, had stolen extensive personal data and defaced Canvas login pages in an effort to pressure the company into paying a ransom. The deal includes the hackers providing evidence that the stolen data was destroyed, though financial terms remain undisclosed.

The first breach occurred in April, when ShinyHunters claimed to have stolen data from nearly 9,000 schools using Canvas, including students’ personal information and messages exchanged between teachers and students. The second incident involved defacement of Canvas login pages last week, which the company said was part of the hackers’ extortion tactics. Instructure confirmed that the hackers had breached its systems twice within less than a year, though the breaches involved different systems and were considered separate events.

Instructure’s spokesperson, Brian Watkins, did not respond to requests for comment about whether the company paid the ransom or the specific terms of the agreement. The hackers’ leak site, which TechCrunch reviewed, was taken down after the agreement, suggesting a ransom may have been paid. A ShinyHunters representative told TechCrunch that the data had been deleted and that the group would not target Instructure or its customers further. The company acknowledged that there is “never complete certainty” when negotiating with cybercriminals but emphasized that customers should not have to interact with the hackers directly.

Why It Matters

This development is significant because it involves a major data breach impacting millions of students and educators, raising concerns about data security in educational technology. The deal may set a precedent for how companies handle ransom demands in the education sector, but it also raises questions about whether paying ransom encourages further attacks. The incident underscores the ongoing threat cybercriminal groups pose to educational institutions and the importance of robust cybersecurity measures.

Background

Instructure’s breaches follow a pattern of increasing cyberattacks targeting educational software providers. In 2024, PowerSchool, another major provider, paid hackers after a data breach affecting 70 million students and staff, only to face subsequent extortion from other groups. The FBI has issued warnings advising victims against paying ransoms, citing trust issues with hackers’ claims of data deletion. The recent breaches highlight persistent vulnerabilities in educational technology infrastructure and the challenge of preventing data theft and extortion in this sector.

“We have reached an agreement with the hackers, and they have provided evidence that the stolen data was destroyed. Our customers will not be extorted.”

— Instructure spokesperson Brian Watkins

“The data is deleted, gone. The company and its customers will not further be targeted or contacted for payment by us.”

— ShinyHunters representative

What Remains Unclear

It remains unclear whether Instructure paid a ransom, the specific terms of the agreement, or if the hackers truly deleted all the stolen data. The motivations behind the company’s decision are also not publicly confirmed. Additionally, the long-term security implications for Canvas users are still uncertain as investigations continue.

What’s Next

Instructure is expected to continue investigating the breaches and strengthen its cybersecurity measures. The company may also update its users about any ongoing risks or further developments. Authorities, including the FBI, are likely to monitor the situation, and future disclosures about the incident’s resolution are anticipated.

Key Questions

Did Instructure pay a ransom to the hackers?

It has not been officially confirmed whether Instructure paid a ransom. The removal of the hackers’ leak site suggests a ransom may have been paid, but the company has not disclosed specific details.

What data was stolen in the breach?

The stolen data includes students’ names, personal email addresses, and private messages exchanged between teachers and students, according to Instructure’s disclosures and samples reviewed by TechCrunch.

Will the breach affect schools and students?

The breach exposes sensitive personal information of students and staff, potentially increasing risks of identity theft and privacy violations. Schools are advised to monitor for suspicious activity and follow security guidance.

Is Instructure taking steps to prevent future breaches?

The company has stated it is investigating the incidents and validating its security measures, but specific plans or improvements have not been publicly detailed.
