Instructure Pays Ransom After ShinyHunters Breaches Canvas Twice, Claiming 275 Million Records From ~8,800 Schools
Instructure, operator of the Canvas learning-management system, paid a ransom to the extortion group ShinyHunters after two breaches of Canvas within roughly ten days, in what reporting describes as the largest education.
VERDICT — CONFIRMED

Instructure, operator of the Canvas learning-management system, paid a ransom to the extortion group ShinyHunters after two breaches of Canvas within roughly ten days, in what reporting describes as the largest education-sector data incident on record. ShinyHunters claimed to have stolen 3.65 TB of data on approximately 275 million users across about 8,809 institutions worldwide. Per the Wikipedia incident record, unauthorized actors accessed Canvas systems on April 25, Instructure detected the intrusion on April 29, and the incident was disclosed publicly on May 1; ShinyHunters posted a ransom note on May 3 with a May 6 deadline. After Canvas was restored, a second breach on May 7 defaced login portals at hundreds of institutions with extortion messages and a May 12 deadline.
Instructure reached an agreement with the actor on May 11—one day before the deadline—stating the accord covers all impacted customers and includes digital confirmation of data destruction; unconfirmed reports cited by Wikipedia put the settlement near $10 million. Compromised data included names, email addresses, student ID numbers and large volumes of user messages (Inside Higher Ed described 'several billions of private messages'); Instructure said it found no evidence that passwords, birth dates, government IDs or financial information were involved. Many universities suspended final exams or postponed deadlines during the outage. A class-action suit was filed May 13 in California, and the U.S.
House Homeland Security Committee opened an inquiry. Security experts warned the payment reinforces extortion economics and that stolen data enables targeted phishing of staff, students and parents.

