Instructure, the parent company of the Canvas learning platform, said it has reached an agreement with the hacking group known as ShinyHunters following a massive cyberattack that disrupted schools and exposed sensitive student information worldwide.
The company said the agreement resulted in the return and confirmed destruction of stolen data linked to the breach, which affected thousands of educational institutions using the Canvas learning management system. Instructure added that customers would not face additional extortion demands connected to the incident.
ShinyHunters also confirmed that the data had been deleted and said no further payment demands or contact would be made regarding the breach, according to Reuters.
READ: Hims & Hers hack: Telehealth company reports customer support system breach (April 3, 2026)
The cyberattack emerged earlier this month after hackers claimed to have stolen more than 3.5 terabytes of data, including student names, email addresses, ID numbers, enrolment details, and private messages exchanged on the platform. Security researchers and media reports said the breach may have impacted nearly 9,000 schools and as many as 275 million users globally.
Canvas is one of the most widely used educational technology platforms and is heavily relied upon by universities, schools, and public education systems for coursework, assignments, exams, and communication between teachers and students.
The incident caused widespread disruption during final examination periods at several schools in the United States, Canada, Australia, and Europe. Some institutions temporarily shut down access to Canvas while cybersecurity teams investigated potential exposure risks.
Instructure has not disclosed whether any ransom payment was made as part of the agreement. Cybersecurity experts have long debated the risks of negotiating with hacking groups, warning that such arrangements can encourage future attacks while offering no guarantee that stolen data has truly been destroyed.
READ: Byron Allen acquires BuzzFeed stake amid digital media uncertainty (May 12, 2026)
The breach also triggered political scrutiny in Washington. The House Homeland Security Committee requested a formal briefing from Instructure executives regarding the scope of the attack, the company’s response, and coordination with federal cybersecurity agencies.
According to prior company statements, the attackers exploited vulnerabilities tied to Canvas “Free-for-Teacher” accounts. Instructure later disabled parts of the service and said it was conducting a forensic review while strengthening internal security systems. This has become one of the largest education-related cybersecurity breaches on record and has renewed concerns over the growing concentration of student data within centralized education technology platforms.