Canvas Strikes Deal With Hackers To Delete Stolen Data After Cyberattack

Canvas parent company Instructure has reached an agreement with the hackers behind a major cyberattack on the educational platform, the Associated Press reported.

The company said the deal included the return and deletion of stolen data linked to thousands of schools and millions of users.

According to the report, the hacking group known as ShinyHunters had claimed responsibility for the breach.

The group said it had accessed data connected to nearly 9,000 schools and around 275 million individuals worldwide.

The hackers had threatened to publicly release the stolen data unless ransom demands were met.

The cyberattack disrupted access to the Canvas platform during final examination periods at many schools and universities.

Instructure said it had “reached an agreement with the unauthorized actor involved in this incident.”

The company added that all stolen data had been returned, digital confirmation of deletion had been received, and customers would not face extortion connected to the incident.

However, the company did not disclose the exact terms of the agreement or confirm whether any ransom payment was made.

Cybersecurity experts said such agreements often involve some form of payment, although no official confirmation has been provided.

The hackers had stolen student names, email addresses, identification numbers, and messages exchanged on the platform.

Instructure stated that passwords, birth dates, government IDs, and financial data were not compromised in the breach.

The breach reportedly originated through Canvas’ “Free-For-Teacher” accounts. Instructure temporarily shut down some services and later restored most systems after implementing security measures.

The incident has become one of the largest cybersecurity breaches involving educational technology platforms.

The attack affected institutions across multiple countries, including the United States, Australia, Canada, the Netherlands, Hong Kong, and New Zealand.

The US House Homeland Security Committee has reportedly asked Instructure executives to brief Congress about the breach, the compromised data, and the company’s coordination with cybersecurity agencies.