DATABREACHES [.]net reports that Instructure paid ShinyHunters after its second attack, and that the payment was reportedly higher than what would have been negotiated in April, with the exact amount not disclosed. The article notes that ShinyHunters has stated the data was deleted and that no Instructure customers will be targeted for payment by them, while emphasising that the company’s update did not fully address the payment issue.
It is discussed that some experts claim ShinyHunters routinely deletes data and sometimes recycles or resells older data, though DataBreaches says most experts contacted did not provide specific evidence. The piece references a CrowdStrike 2025 ransomware survey indicating that most paying victims experienced another attack, and that exfiltration occurred in a large majority of cases, with 45% unable to recover all data after payment.
It also cites a Hiscox 2025 survey showing that leaks still occurred even when victims paid to prevent data leaks, raising questions about guarantees of data destruction. Overall, the article frames the decision to pay as a complex mix of ethical, legal, and practical considerations, with claims that law enforcement and prevention resources influence victims’ choices.