ACCORDING to The Hacker News, American educational technology company Instructure said it reached an agreement with the ShinyHunters extortion group after breaching its network and threatening to leak data from thousands of schools. The company disclosed that the breach involved 3.65TB of data and impacted nearly 9,000 organisations, with a second wave of unauthorised activity detected on 7 May 2026.
Instructure stated the agreement covers all its impacted customers, that pilfered data was returned, and that there was digital confirmation of data destruction; it also noted that none of its customers would be separately extorted as a result of the hack.
The disclosure followed reports that attackers weaponised a vulnerability related to support tickets in Free-for-Teacher to gain initial access and siphon about 275 million records containing usernames, email addresses, course names, enrolment information and messages, while course content, submissions and credentials were not compromised. A deadline to negotiate a ransom or risk a data leak was issued by the attackers for 12 May 2026. Instructure said it has been working with expert vendors to support forensic analysis, improve cybersecurity posture, and conduct a data review.