STOLEN Canvas data was reportedly “returned” after a hacker agreement, Instructure says, in a status update that dated May 11, 2026. According to Instructure, the breach involved usernames, email addresses, course names, enrollment information and private messages, though no passwords, dates of birth, government identifiers or financial information were involved. The incident has been linked to extortion group ShinyHunters, which claimed credit for the data breach and escalated pressure on victims.
Malwarebytes notes that while the data was “returned” and shred logs were provided, the real risk lies in copies that may have been made and shared, meaning downstream risks may persist even after the data is supposedly returned. Millions of students had personal data stolen, and the article also highlights that data remains capable of being used for highly targeted phishing and social engineering long after the headlines fade.