The breach caused chaos for students, many of whom were in the middle of final exams.
WASHINGTON — The company that operates the online learning system Canvas says reach agreement Work with hackers to delete the data they stole cyber attack This has caused chaos for students, many of whom are in the middle of final exams.
Instruct, Canvas’ parent company, said in an online post that it “has reached an agreement with the unauthorized actors involved in this incident” event“.
The company did not provide any details of the agreement, including whether payments were involved, or detail who was behind the hack. Instruct has temporarily taken over System offline Students and teachers are being kept away from the school during the investigation.
A hacker group called ShinyHunters claimed responsibility for last week’s breach and threatened to leak data involving nearly 9,000 schools and 275 million individuals around the world if schools did not pay the ransom by May 6. The group later extended the deadline, saying some schools were already in talks with them.
ShinyHunters was also behind a smaller infrastructure breach last year. A lawsuit filed last week in federal court in Utah alleges that Instruct did not do enough to protect a platform used by millions of students and made itself “easy prey for cybercriminals.”
As part of the transaction, data is returned to Instruct. The company said on Monday it had also received “digital confirmation” that hackers destroyed any remaining copies in the form of “shredded logs.”
The company admitted it could not ensure the data was permanently deleted and said it took action because of concerns it could be made public.
Instruct said: “While there is never complete certainty when dealing with cybercriminals, we believe it is important to take every step within our control to give our customers as much peace of mind as possible.”
Cybersecurity experts doubt the attack is over. Cynthia Kaiser, former deputy director of the FBI’s cyber division, said the reported transactions suggested a ransom may have been paid.
“What victims must understand is that payment does not end the threat,” Kaiser, now senior vice president at the Halcyon Ransomware Research Center, said in a written statement. “As long as it remains profitable, stolen data will be used against customers and users.”
Steve Proud, chief information security officer at Instruct, said earlier this month that the data breach appeared to involve student ID numbers, email addresses, names and messages on the Canvas platform. The company said it found no evidence that passwords, dates of birth, government identities or financial information were compromised.
The company said it was working with “expert vendors” to conduct forensic analysis, “further enhance” its systems and conduct a comprehensive review of the data involved.
The outage caused panic last week among students and staff who lost access to the platforms they rely on to manage grades and access course notes and assignments.
Schools and universities use Canvas to manage nearly all aspects of instruction. The platform serves as a gradebook, a hub for digital lectures and course materials, a discussion board for class projects, and a messaging platform between students and instructors.
Some courses also run quizzes and exams on the platform, or use it as a portal to submit final projects and papers before deadlines.
Copyright 2025 The Associated Press. all rights reserved. This material may not be published, broadcast, rewritten or redistributed.
