A data breach at Instructure, the company behind the Canvas learning management system, has resulted in the theft of millions of students' personal data, with the extortion group ShinyHunters claiming responsibility1. The group had been attempting to extort Instructure by contacting Canvas users directly, adding pressure to their ransom demands. However, in a recent update, Instructure stated that the stolen data has been returned, suggesting that an agreement was reached with the hackers. This development brings a measure of relief to the millions of students affected, but also raises questions about the terms of the agreement and the potential consequences of negotiating with extortionists. The incident highlights the risks of data breaches in the education sector and the need for robust security measures to protect sensitive information. This matters to cybersecurity practitioners because it underscores the importance of having a incident response plan in place to mitigate the impact of such breaches.
Stolen Canvas data was “returned” after hacker agreement, Instructure says
⚡ High Priority
Why This Matters
Millions of students had personal data stolen , with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by.
References
- Malwarebytes Labs. (2026, May 12). Stolen Canvas data was “returned” after hacker agreement, Instructure says. Malwarebytes. https://www.malwarebytes.com/blog/news/2026/05/stolen-canvas-data-was-returned-after-hacker-agreement-instructure-says
Original Source
Malwarebytes Labs
Read original →