Instructure, company behind Canvas learning platform, reaches deal with hackers to recover data

Instructure, the company behind the Canvas learning management system, announced on Monday that it has reached an agreement with hackers to recover data recently stolen during cyberattacks. The company stated it successfully convinced the unauthorized actors to return the data, which has reportedly been destroyed on the hackers’ end. Specific details regarding the terms of the agreement and the identity of the attackers were not disclosed.

Instructure emphasized the importance of safeguarding customer peace of mind amid concerns over cyber threats. The firm continues to collaborate with cybersecurity experts for forensic analysis and is working to strengthen its security measures. The hackers, identified as ShinyHunters, reportedly claimed to have obtained data from 275 million individuals and assured that the data has been deleted, stating that neither Instructure nor its customers would be targeted again for ransom.

The cyberattacks involved unauthorized access on April 29, resulting in the theft of course names, email addresses, enrollment information, and usernames. Following a second intrusion, some users faced alterations to Canvas login pages. As a precaution, Instructure has temporarily suspended its “Free-For-Teacher” accounts.

The decision to engage with the hackers has drawn criticism from experts in cybersecurity. Cliff Steinhauer, director of information security at the National Cybersecurity Alliance, warned that paying a ransom may create a harmful cycle that rewards attackers for breaches. The FBI’s Cyber Division also advises against responding to ransom demands, encouraging organizations to avoid engaging with criminals.

Why this story matters