The company behind Canvas, one of the most widely used online learning platforms in education, says it has struck a deal with hackers to delete student data stolen in a cyberattack that disrupted final exams across thousands of schools last week.
Instructure, Canvas’s parent company, announced it had “reached an agreement with the unauthorized actor involved in this incident” but provided no details about whether the deal involved a ransom payment or who was behind the attack.
The breach created chaos for students and faculty who suddenly found themselves locked out of a platform they depend on for grades, course materials, and assignment submissions. Many universities were forced to delay final exams as a result. The incident highlights how vulnerable critical education infrastructure has become to cybercriminals, and raises questions about whether paying hackers actually protects student data or simply encourages more attacks.
A hacking group called ShinyHunters claimed responsibility for the breach, threatening to leak data from nearly 9,000 schools worldwide and 275 million individuals unless schools paid a ransom by May 6. The group later extended the deadline, suggesting some institutions had begun negotiating.
Under the agreement, Instructure says it received the stolen data back along with “digital confirmation” in the form of “shred logs” that the hackers had destroyed any remaining copies. However, the company acknowledged there’s no way to be completely certain the data was actually erased.
“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind,” Instructure said.
The compromised data appears to include:
- Student ID numbers
- Email addresses
- Names
- Messages sent through the Canvas platform
Instructure’s chief information security officer Steve Proud said the company found no evidence that passwords, birth dates, government IDs, or financial information were stolen.
Canvas serves as the digital backbone for education at many institutions. The platform functions as a grade book, houses digital lectures and course materials, provides discussion boards for projects, and enables messaging between students and instructors. Some schools also use it to administer quizzes and exams or as a portal for submitting final projects and papers.
The breach underscores how dependent modern education has become on digital platforms, and how disruptive cyberattacks can be during critical periods like finals week. It also raises concerns about the security practices of companies handling sensitive student information.
Instructure says it’s working with security experts to conduct a forensic analysis of the breach and strengthen its systems. The company temporarily took Canvas offline during the investigation, which contributed to the widespread disruption at affected schools.