Loading...
Loading...
Instructure, owner of the Canvas learning management system, paid a ransom to the ShinyHunters group after two breaches that disrupted service and exposed data affecting roughly 275 million users across more than 8,800 institutions. The company said it secured shred logs and assurances that customers would not face extortion, recovered data and source code, and worked with law enforcement and forensic vendors to restore access, reset credentials and harden systems. The incident highlights escalating ransomware threats to education technology platforms, the operational impacts on students and staff, and difficult trade-offs SaaS providers face when responding to large-scale cyberattacks.
The incident shows ransomware actors targeting large education SaaS platforms can disrupt operations for students and staff and expose massive datasets, forcing tech teams to make rapid remediation and disclosure decisions. Tech professionals must reassess incident response, backup, and vendor risk practices given the scale and sensitive nature of exposed education data.
Dossier last updated: 2026-05-24 01:50:36
A prolific ransomware actor known as ShinyHunters has resurfaced after a quiet period and claimed three new victims, according to monitoring posts by Dark Web Informer. The reported targets include U.S.-based DentaQuest (a dental benefits and oral health company) and Charter Communications (Spectrum), with at least one victim’s site showing an “Access Denied” response. The update notes industry concerns about organizations appearing to pay ransoms to regain access, a trend that may encourage repeat activity by extortion groups. This matters to tech and cybersecurity teams because continued payouts can perpetuate attacks, undermine incident response norms, and risk further data exposure across healthcare and telecom sectors.
Canvas的母公司与此次数据泄露事件背后的黑客组织达成协议
Instructure has paid a ransom to the ShinyHunters cybercriminal group after the gang twice breached its Canvas learning management system, recovering data for roughly 275 million users across more than 8,800 institutions. The company said it obtained shred logs and assurances no customers will be extorted, and that individual schools need not negotiate with the attackers. Canvas outages disrupted students and faculty in the run-up to finals; stolen data reportedly included names, email addresses, student IDs and private messages. Instructure declined to disclose the payment amount and said it’s working with forensic vendors to harden systems and review the incident. The attack follows ShinyHunters’ other high-profile university breaches.
Instructure, operator of the Canvas learning management system used by universities and schools, paid a ransom to hackers after a May 2026 breach disrupted access to Canvas and exposed source code and data. The company confirmed the payment in an incident update as reports — including the New York Times — detailed negotiations with the criminals who had encrypted systems and threatened to leak stolen materials. Instructure said it worked with law enforcement and cybersecurity experts while restoring services and resetting credentials; officials warned of potential data exposure. The episode underscores growing ransomware risks to education tech platforms and the operational and reputational stakes for widely used SaaS providers.