:

CANVAS PAYS RANSOM AFTER STUDENT DATA BREACH

SECURITY DESK1 MIN READ
SUN, MAY 17, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Education platform Canvas confirmed it reached a settlement with hackers following a major ransomware attack that compromised hundreds of millions of student records and caused widespread service disruptions.

Instructure, the US firm operating Canvas, disclosed the agreement after a week of outages affected schools globally. The attack resulted in stolen data, delayed assignment deadlines, and defaced login pages. The ransom decision highlights a recurring dilemma for companies facing data breaches. While cybersecurity experts and government agencies consistently advise against paying attackers—arguing it funds criminal operations and encourages future attacks—many organizations proceed anyway to mitigate privacy risks and restore operations quickly. Once ransoms are paid, questions persist about stolen data. Cybercriminals often claim to delete information but provide no verification. Some data inevitably circulates on dark web marketplaces or leaks publicly despite payment. Canvas users now face uncertainty about whether their information remains secure. Instructure has not disclosed specific details about the settlement or confirmed data deletion. The incident underscores the growing threat to education infrastructure and the difficult calculus institutions face when balancing ransom demands against operational and reputational costs.

■ SOURCES

The Guardian — Technology

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

The Los Angeles Police Department has declined to renew its contract with Flock Safety, citing data privacy concerns. The decision marks a shift in the department's approach to automated license plate reader technology.

2H AGOIndustry Desk

Department of Homeland Security analysts dismissed suspicious network activity detected in May as harmless before confirming a breach in June, according to internal documents.

2H AGOSecurity Desk

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that Russian state-sponsored hackers are actively targeting residential routers. The threat escalates as attackers seek to exploit routers for use as residential proxies.

2H AGOSecurity Desk

Grok CLI experienced a critical bug that caused it to upload entire home directories to Google Cloud Storage. The issue sparked significant discussion in the developer community about data handling practices.

4H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.