Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform
The Canvas educational platform experienced a cyberattack resulting in the theft of data related to nearly 9,000 schools and 275 million individuals. The parent company, Instructure, reached an agreement with the hackers, reportedly the ShinyHunters group, to delete the stolen data and return it. The breach involved student ID numbers, email addresses, names, and messages but did not include passwords, dates of birth, government IDs, or financial information. The platform was temporarily taken offline during the investigation, disrupting access for students and faculty. Instructure received digital confirmation from the hackers that the data was destroyed but acknowledged no absolute certainty of complete erasure. The company is conducting forensic analysis and system hardening to prevent future incidents.
AI Analysis
Technical Summary
Instructure, operator of the Canvas online learning platform, suffered a cyberattack by the ShinyHunters hacking group, which exfiltrated data from the platform affecting millions of users across thousands of schools. The compromised data included student identifiers, emails, names, and platform messages but excluded sensitive credentials and financial data. Following ransom demands and negotiation, Instructure reached a deal with the attackers to delete the stolen data and received digital shred logs as proof. The platform was temporarily taken offline to investigate and mitigate the incident. Instructure is performing forensic analysis and enhancing security controls to address the breach.
Potential Impact
The breach exposed personal information of a large number of students and faculty, including ID numbers, names, email addresses, and messages on the Canvas platform. While no passwords or financial data were compromised, the exposure of personal identifiers could lead to privacy concerns and potential phishing or social engineering risks. The incident caused significant disruption to educational activities due to platform downtime during finals. The company’s inability to guarantee complete data deletion introduces ongoing risk of data misuse.
Mitigation Recommendations
Instructure has taken the Canvas platform offline temporarily to investigate and mitigate the breach. They reached an agreement with the attackers to delete the stolen data and obtained digital confirmation of data destruction. The company is conducting forensic analysis and working with expert vendors to harden systems and review affected data comprehensively. No official patch or fix is applicable as this is a breach incident rather than a software vulnerability. Organizations using Canvas should follow any guidance from Instructure and monitor for updates. Patch status is not applicable; remediation focuses on incident response and system hardening.
Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform
Description
The Canvas educational platform experienced a cyberattack resulting in the theft of data related to nearly 9,000 schools and 275 million individuals. The parent company, Instructure, reached an agreement with the hackers, reportedly the ShinyHunters group, to delete the stolen data and return it. The breach involved student ID numbers, email addresses, names, and messages but did not include passwords, dates of birth, government IDs, or financial information. The platform was temporarily taken offline during the investigation, disrupting access for students and faculty. Instructure received digital confirmation from the hackers that the data was destroyed but acknowledged no absolute certainty of complete erasure. The company is conducting forensic analysis and system hardening to prevent future incidents.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Instructure, operator of the Canvas online learning platform, suffered a cyberattack by the ShinyHunters hacking group, which exfiltrated data from the platform affecting millions of users across thousands of schools. The compromised data included student identifiers, emails, names, and platform messages but excluded sensitive credentials and financial data. Following ransom demands and negotiation, Instructure reached a deal with the attackers to delete the stolen data and received digital shred logs as proof. The platform was temporarily taken offline to investigate and mitigate the incident. Instructure is performing forensic analysis and enhancing security controls to address the breach.
Potential Impact
The breach exposed personal information of a large number of students and faculty, including ID numbers, names, email addresses, and messages on the Canvas platform. While no passwords or financial data were compromised, the exposure of personal identifiers could lead to privacy concerns and potential phishing or social engineering risks. The incident caused significant disruption to educational activities due to platform downtime during finals. The company’s inability to guarantee complete data deletion introduces ongoing risk of data misuse.
Mitigation Recommendations
Instructure has taken the Canvas platform offline temporarily to investigate and mitigate the breach. They reached an agreement with the attackers to delete the stolen data and obtained digital confirmation of data destruction. The company is conducting forensic analysis and working with expert vendors to harden systems and review affected data comprehensively. No official patch or fix is applicable as this is a breach incident rather than a software vulnerability. Organizations using Canvas should follow any guidance from Instructure and monitor for updates. Patch status is not applicable; remediation focuses on incident response and system hardening.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/deal-reached-with-hackers-to-delete-data-stolen-from-the-canvas-educational-platform/","fetched":true,"fetchedAt":"2026-05-12T13:36:23.243Z","wordCount":1131}
Threat ID: 6a032cd7cbff5d8610ea61b1
Added to database: 5/12/2026, 1:36:23 PM
Last enriched: 5/12/2026, 1:36:34 PM
Last updated: 5/12/2026, 7:44:18 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.