Instructure, the parent company of the learning software Canvas, stated that it has reached an agreement with the hackers regarding the recent data breach. The company said the attackers have provided evidence that the stolen data has been deleted, and Canvas customers will not be required to negotiate separately with the hackers or pay any ransom.
Hackers claim to have stolen data from 275 million people.
According to TechCrunch, the cybercriminal group ShinyHunters claimed responsibility for the April 29 breach, stating that they stole student and staff data from Canvas-related systems, affecting approximately 275 million people. Canvas is used by nearly 9,000 schools to manage student records and courses.
Last week, the group launched a second attack, altering the Canvas login pages on some school websites to pressure the company into paying a ransom.
The company has not disclosed whether a ransom was paid.
On its incident update page posted Monday evening, Instructure stated that although there is never complete certainty when negotiating with cybercriminals, the company believes customers no longer need to engage with the hackers. The company did not disclose any financial terms of the agreement or whether a ransom was actually paid.
TechCrunch reported that ShinyHunters previously threatened on their data leak website to publish the stolen data if the company did not pay. As of Tuesday, this post had been removed. The group also told media outlets that the data "has been deleted" and that they would no longer contact the company or its customers regarding payment.
Similar cases have involved double extortion.
The report notes that Instructure’s incident bears similarities to PowerSchool’s large-scale data breach in 2024, during which the company also paid hackers to return the data—yet customers were later targeted by another criminal group, demonstrating that data claimed to have been “deleted” may not have been truly erased.
Last week, the U.S. Federal Bureau of Investigation also stated that it had noticed system disruptions affecting schools and educational institutions nationwide, and warned victims not to pay cybercriminals or respond to their ransom demands.
Instructure is still investigating the incident and verifying the findings. The company also acknowledges that its systems have been breached twice within the past year, but states that the two incidents are unrelated and involve different systems.
