ACCORDING to Associated Press, a deal was reached with hackers to delete data they had stolen from the Canvas educational platform, after Instructure, the company behind Canvas, said it had struck an agreement with the unauthorized actor involved in the incident.
The breach had been linked to a hacking group named ShinyHunters, which claimed responsibility for the attack and had threatened to leak data involving nearly 9,000 schools worldwide and 275 million individuals if schools did not pay a ransom by May 6, a deadline the group later extended.
As part of the deal, the data was returned to Instructure, and the company said it also received “digital confirmation” that the hackers had destroyed any remaining copies, in the form of “shred logs.” Instructure noted there was no way to be sure the data was erased for good and said the action was taken to reduce the risk of publication.
The company added that passwords, dates of birth, government IDs or financial information were not found to have been compromised, and it is working with expert vendors to conduct a forensic analysis and harden its systems. May 12, 2026.