Educational system Canvas says it reached a deal with hackers to delete stolen data
The article presents a factual account of the breach and settlement with minimal editorial slant. It balances Instructure's statement with acknowledgment of uncertainty (no guarantee data was deleted), includes the threat timeline and ShinyHunters' claims, and incorporates federal law enforcement perspective discouraging ransom payments alongside recognition that some companies negotiate anyway. Word choice is measured (e.g., 'said,' 'acknowledged,' 'claimed') without loaded language favoring either corporate or security-conscious framing.
Primary voices: corporate or institutional spokesperson, state or recognized government, media outlet
- This article does not address whether Instructure has purchased cyber insurance that may have covered ransom negotiation
- This article does not specify which federal law enforcement agencies commented or their exact guidance
- This article does not include perspective from affected educational institutions on their response or satisfaction with the outcome
Framing may shift if independent verification of data deletion emerges or if subsequent breaches from this incident occur, validating or undermining the negotiation strategy.
Government-sourcedBoth-sides framingNeutral language
Instructure, the company behind the widely used educational platform Canvas, said Tuesday it reached an agreement with hackers behind a sweeping cyberattack to delete stolen student and teacher data.
The Utah-based education technology company said the hackers returned the stolen data and provided what it described as “digital shred logs” showing the files had been deleted, though Instructure declined to say whether it paid a ransom or disclose details of the agreement.
The company acknowledged there is no guarantee cybercriminals would fully destroy stolen information, but said the arrangement reduced the risk of data being publicly leaked or customers being individually extorted.
The breach targeted Canvas, an online learning management system used by thousands of schools and universities to host assignments, grades, coursework, and communication between teachers and students. The cyberattack caused major outages last week, leaving students scrambling to access materials during finals week.
Instructure said the attack compromised names, email addresses, student identification numbers, and private messages exchanged among students, instructors, and school staff. However, the company said it found no evidence that passwords, Social Security numbers, financial information, or grades were accessed.
The hacker group ShinyHunters claimed responsibility for the attack and said it stole more than three terabytes of data affecting nearly 9,000 schools and approximately 275 million people worldwide, though the scope has not been independently verified. The group had threatened to release the information publicly unless a settlement was reached by May 12.
The threat prompted some universities and school systems to disable access to Canvas temporarily, while others delayed exams or extended assignment deadlines as students struggled to regain access to coursework. Institutions in the United States, Canada, and Australia reported disruptions.
Canvas’s hack renewed criticism over whether organizations should negotiate with hackers following ransomware-style attacks. Federal law enforcement agencies generally discourage paying ransom demands, warning there is no assurance stolen data will actually be destroyed and that payments can incentivize future cybercrime. Still, some companies have opted to negotiate when sensitive customer information is at risk.
Canvas is one of the most widely used learning management systems in higher education, serving schools in the U.S. and abroad.
Comments
No comments yet. Be the first.
Sign in to leave a comment.