Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform

The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals. Instructure, the parent company of Canvas, said in an online post that it “reached an agreement with the unauthorized actor involved in this incident.” The company didn’t provide any details on the agreement, including whether it involved a payment, and didn’t elaborate who was behind the hack. Instructure temporarily took the system offline while it investigated, locking out students and faculty. A hacking group named ShinyHunters claimed responsibility for last week’s breach, threatening to leak data involving nearly 9,000 schools worldwide and 275 million individuals if schools did not pay a ransom by May 6. The group then extended the deadline, indicating some schools had engaged with them to negotiate. As part of the deal, the data was returned to Instructure. The company said Monday that it also received “digital confirmation” that the hackers destroyed any remaining copies, in the form of “shred logs.” The company acknowledged that there was no way to be sure that the data was erased for good, and said it took action because of concerns about potential publication of the data. “While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” Instructure said. The data breach appeared to involve student ID numbers, email addresses, names and messages on the Canvas platform, Instructure’s chief information security officer, Steve Proud, said earlier this month. The company found no evidence that passwords, dates of birth, government identification or financial information were compromised, it said. The company said it was working with “expert vendors” to do a forensic analysis, “further harden” its systems, and carry out a “comprehensive review of the data involved.” The disruption caused panic last week among students and faculty members when they were locked out of a platform they rely on to manage grades and access course notes and assignments. Schools and universities use Canvas to manage nearly all aspects of instruction. The platform acts as a gradebook, a hub for digital lectures and course materials, a discussion board for classroom projects, and a messaging platform between students and instructors. Some courses also give quizzes and exams on the platform, or use it as a portal where final projects and papers are submitted on deadline. Related: Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools Related: 1.2 Million Affected by University of Hawaii Cancer Center Data Breach WRITTEN BY Associated Press More from Associated Press Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says Latest News White Circle Raises $11 Million for AI Control Platform BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware West Pharmaceutical Services Hit by Disruptive Ransomware Attack Apple Patches Dozens of Vulnerabilities in macOS, iOS SAP Patches Critical S/4HANA, Commerce Vulnerabilities Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means Is the SOC Obsolete, and We Just Haven’t Admitted It Yet? Trending Webinar: ROSI For CPS Security Programs May 13, 2026 In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Malwarebytes has named Chung Ip as Chief Financial Officer. Semperis has appointed John Podboy as Chief Information Security Officer. Randy Menon has become Chief Product and Marketing Officer at One Identity. More People On The Move Expert Insights Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) The Mythos Moment: Enterprises Must Fight Agents With Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense In The Age Of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) Flipboard Reddit Whatsapp Email