Instructure Says Stolen Canvas Data Was Deleted by Hackers
Instructure, the company behind the popular Canvas educational platform, says it has reached an agreement with hackers following a major cyberattack that disrupted schools and universities worldwide.
The breach, claimed by hacking group ShinyHunters, exposed data tied to nearly 9,000 schools and an estimated 275 million users. The hackers threatened to leak the stolen information unless ransoms were paid.
What Data Was Compromised?
According to Instructure, the exposed information may include:
- Student and staff names
- Email addresses
- Student ID numbers
- Messages sent through Canvas
The company said there is currently no evidence that passwords, financial information, government IDs, or birth dates were stolen.
Canvas Outage Caused Panic During Finals
The cyberattack temporarily forced Canvas offline, leaving students and faculty unable to access assignments, grades, exams, and course materials during final exam season.
Many schools rely heavily on Canvas for online learning, submissions, classroom discussions, and communication between instructors and students.
Hackers Reportedly Deleted the Stolen Data
Instructure said the hackers returned the stolen data and provided “digital confirmation,” including so-called “shred logs,” claiming remaining copies had been destroyed.
However, the company admitted there is no guaranteed way to verify that cybercriminals permanently erased all stolen information.
Investigation Continues
Instructure said cybersecurity experts are conducting a forensic investigation while the company works to strengthen its systems and review the full scope of the breach.
The company did not disclose whether money was paid as part of the agreement with the hackers.
This story comes from our news partner ABC13 Houston.