Instructure, the parent company of the online learning platform Canvas, has confirmed it reached an agreement with hackers who stole student data in a cyberattack that caused widespread disruption last week. The company said in an online post that it 'reached an agreement with the unauthorised actor involved in this incident', though it did not disclose whether a payment was made.
The breach locked students and faculty out of Canvas, a platform used to manage grades, course materials, and assignments, forcing some schools and universities to delay final exams. A hacking group called ShinyHunters claimed responsibility, threatening to leak data from nearly 9,000 schools worldwide and 275 million individuals unless a ransom was paid by 6 May. The group later extended the deadline, indicating negotiations with some schools.
As part of the deal, the stolen data was returned to Instructure, and the company received 'digital confirmation' in the form of 'shred logs' that the hackers destroyed any remaining copies. However, Instructure acknowledged there is no guarantee the data was permanently erased, stating: 'While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind.'
The compromised data included student ID numbers, email addresses, names, and messages on the platform, according to Instructure’s chief information security officer, Steve Proud. The company found no evidence that passwords, dates of birth, government identification, or financial information were accessed. Instructure is now working with forensic experts to analyse the breach and strengthen its systems.
Canvas is widely used by schools and universities to manage instruction, acting as a grade book, digital lecture hub, discussion board, and messaging system. Some courses also use it for quizzes, exams, and submission of final projects.



