[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNiZCULs9bvVs3omQokcjrGjdFoBX58GS0iondZH9vrA":3},{"article":4,"iocs":48},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":27,"category":28,"article_tags":32},"524ba4e1-cf2d-4b96-9473-f91eca919f63","Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform","deal-reached-with-hackers-to-delete-data-stolen-from-the-canvas-educational-plat-6b5502","The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals. The post Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform appeared first on SecurityWeek.","Instructure, operator of the Canvas online learning platform, announced it reached an agreement with the ShinyHunters threat group to delete data stolen in a cyberattack affecting nearly 9,000 schools and 275 million individuals. The breach exposed student IDs, email addresses, names, and platform messages, but not passwords or financial information. The company received 'shred logs' as digital confirmation of data destruction, though it acknowledged no absolute certainty when dealing with cybercriminals.","Instructure reaches deal with ShinyHunters to delete Canvas data stolen in breach affecting 9,000 schools.","The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals. Instructure, the parent company of Canvas, said in an online post that it “reached an agreement with the unauthorized actor involved in this incident.” The company didn’t provide any details on the agreement, including whether it involved a payment, and didn’t elaborate who was behind the hack. Instructure temporarily took the system offline while it investigated, locking out students and faculty. A hacking group named ShinyHunters claimed responsibility for last week’s breach, threatening to leak data involving nearly 9,000 schools worldwide and 275 million individuals if schools did not pay a ransom by May 6. The group then extended the deadline, indicating some schools had engaged with them to negotiate. As part of the deal, the data was returned to Instructure. The company said Monday that it also received “digital confirmation” that the hackers destroyed any remaining copies, in the form of “shred logs.” The company acknowledged that there was no way to be sure that the data was erased for good, and said it took action because of concerns about potential publication of the data.Advertisement. Scroll to continue reading. “While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” Instructure said. The data breach appeared to involve student ID numbers, email addresses, names and messages on the Canvas platform, Instructure’s chief information security officer, Steve Proud, said earlier this month. The company found no evidence that passwords, dates of birth, government identification or financial information were compromised, it said. The company said it was working with “expert vendors” to do a forensic analysis, “further harden” its systems, and carry out a “comprehensive review of the data involved.” The disruption caused panic last week among students and faculty members when they were locked out of a platform they rely on to manage grades and access course notes and assignments. Schools and universities use Canvas to manage nearly all aspects of instruction. The platform acts as a gradebook, a hub for digital lectures and course materials, a discussion board for classroom projects, and a messaging platform between students and instructors. Some courses also give quizzes and exams on the platform, or use it as a portal where final projects and papers are submitted on deadline. Related: Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools Related: 1.2 Million Affected by University of Hawaii Cancer Center Data Breach Written By Associated Press More from Associated Press Canvas System Is Online After a Cyberattack Disrupted Thousands of SchoolsCyberattack Hits Canvas System Used by Thousands of Schools as Finals LoomWorries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s LeadersUS Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified SystemsGermany Suspects Russia Is Behind Signal Phishing That Targeted Top OfficialsUS Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian SenatorTrump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in USMost Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says Latest News Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 MalwareWest Pharmaceutical Services Hit by Disruptive Ransomware AttackApple Patches Dozens of Vulnerabilities in macOS, iOSSAP Patches Critical S\u002F4HANA, Commerce VulnerabilitiesClaude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really MeansIs the SOC Obsolete, and We Just Haven’t Admitted It Yet?TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain AttackFrame Security Emerges From Stealth With $50M for Awareness and Training Platform Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: ROSI for CPS Security Programs May 13, 2026 In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveMalwarebytes has named Chung Ip as Chief Financial Officer.Semperis has appointed John Podboy as Chief Information Security Officer.Randy Menon has become Chief Product and Marketing Officer at One Identity.More People On The MoveExpert Insights Is the SOC Obsolete, and We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Fdeal-reached-with-hackers-to-delete-data-stolen-from-the-canvas-educational-platform\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F03\u002Fschool-education.jpeg","2026-05-12T13:26:46+00:00","2026-05-12T14:00:12.900672+00:00",7,[18,21,24],{"name":19,"type":20},"Instructure","vendor",{"name":22,"type":23},"Canvas","product",{"name":25,"type":26},"ShinyHunters","threat_actor","2e06f76c-d5b9-4f54-9eef-4d3447b10730",{"id":27,"icon":29,"name":30,"slug":31},null,"Breaches","breaches",[33,38,43],{"category":34},{"id":35,"icon":29,"name":36,"slug":37},"7d8b5ab8-ea0b-4ced-ae97-ec251b86993a","Ransomware","ransomware",{"category":39},{"id":40,"icon":29,"name":41,"slug":42},"c5eccf7c-abbc-4bd3-bbed-e6da5cba8e73","Incident Response","incident-response",{"category":44},{"id":45,"icon":29,"name":46,"slug":47},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[]]