Instructure reached an agreement with the hacking group ShinyHunters to delete data stolen from the Canvas educational platform [1, 2].
The deal follows a massive breach affecting millions of students and educators worldwide. Because Canvas is a primary infrastructure tool for global education, the potential leak of private data posed a significant risk to institutional security and individual privacy.
Reports on Tuesday indicated the agreement was struck after the hackers threatened to leak the stolen information unless a ransom was paid [1, 2, 4]. The company said it opted for the deal to prevent the public exposure of user data [1, 2].
The scale of the breach is extensive, affecting up to 275 million users [1]. The Canvas platform is utilized by roughly 9,000 institutions across the globe [2].
ShinyHunters, the group responsible for the attack, targeted the platform's data repositories. By negotiating with the group, Instructure sought to ensure the permanent removal of the stolen files to protect the millions of individuals whose information was compromised [1, 2].
The company has not disclosed the specific terms of the agreement or whether a payment was made to the group. However, the priority remained the deletion of the data to mitigate the impact on the thousands of schools and universities that rely on the service [1, 2].
This incident highlights the extreme vulnerability of centralized educational data hubs. By choosing to negotiate with ShinyHunters, Instructure prioritized immediate risk mitigation over the legal and ethical complexities of paying ransoms. The sheer volume of affected users—reaching nearly 300 million—underscores how a single point of failure in educational software can create a global privacy crisis for students and faculty.




