Instructure pays ransom to Canvas hackers

TL;DR

Instructure paid a ransom to the ShinyHunters group after they hacked Canvas twice within two weeks. The payment resulted in data destruction and service restoration, but details remain unclear.

Instructure has paid a ransom to a cybercriminal gang following two breaches of its Canvas learning management system within two weeks, affecting approximately 275 million users. The company confirmed that the hackers returned the compromised data and that all affected services are now operational, marking a rare instance of a major ed-tech firm engaging in ransom payment.

According to an update published by Instructure on Monday night, the company paid an undisclosed ransom to the hacking group ShinyHunters after they infiltrated Canvas twice this month. The hackers claimed to have stolen data including names, email addresses, student IDs, and private messages, and demanded payment to prevent data leaks. The ransom was paid just before the May 12 deadline set by the hackers.

Instructure stated that it received digital confirmation of data destruction, including shred logs, and was assured that no customer data would be leaked publicly or otherwise. The company added that the payment covered all impacted customers and that individual institutions need not engage with the hackers or ShinyHunters directly. The breach disrupted Canvas services, which are used by 41 percent of North American higher education institutions, causing widespread exam postponements and delays.

Following the second breach, Instructure’s CEO Steve Daly acknowledged the company’s initial response was insufficient and promised improved communication. As of Monday afternoon, the company reported that all Canvas environments are now available and operational.

Why It Matters

This incident highlights the growing threat of cyberattacks targeting educational technology platforms, with potential repercussions for student data privacy and institutional credibility. The decision to pay a ransom raises questions about cybersecurity practices and the risks of enabling cybercriminal activity. The breach also underscores the vulnerability of widely used LMS platforms in higher education, which could face increased scrutiny and security investments as a result.

Background

Over the past year, several major universities, including the University of Pennsylvania, Princeton, and Harvard, have experienced data breaches linked to ShinyHunters. Instructure’s Canvas platform has been targeted twice in May, with the first incident occurring around May 3 and a second on May 5, causing service outages during critical exam periods. The hackers have publicly demanded payment and threatened to leak data if their demands are not met, with the May 12 deadline approaching.

“Last week, we made a call to get the facts right before speaking publicly. That instinct isn’t wrong, but we got the balance wrong. We focused on fact-finding and went quiet when you needed consistent updates. You’ve been clear about that, and it’s fair feedback. We will change that moving forward.”

— Instructure CEO Steve Daly

“Our demand was not even as high as you might think it is. The company seemingly does not care about all the students affected and the institutions impacted by this data breach.”

— ShinyHunters group

What Remains Unclear

It remains unclear how much money was paid, the full extent of the data destroyed, and whether any data was leaked despite the company’s claims. Details about the hackers’ methods and whether additional breaches are possible are still emerging. The long-term security implications for Canvas and other educational platforms are also uncertain.

What’s Next

Instructure is expected to continue forensic analysis and security enhancements. The company will likely monitor for further threats and update stakeholders on any additional breaches or vulnerabilities. Institutions using Canvas may review their cybersecurity protocols and data management practices in response.

Key Questions

Did Instructure confirm how much money was paid?

The company did not disclose the ransom amount paid to the hackers.

Are students’ personal data safe now?

Instructure claims that the hackers returned the data and that no information will be leaked publicly, but the situation remains under review.

Will this hack affect future use of Canvas?

Instructure has indicated that all Canvas environments are now operational and is likely implementing additional security measures to prevent future breaches.

Could there be further attacks or data leaks?

The situation is still developing, and the potential for further threats or leaks cannot be entirely ruled out at this time.
