:

CANVAS REACHES DEAL WITH HACKERS OVER STOLEN DATA

SECURITY DESK2 MIN READ
TUE, MAY 12, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Instructure, owner of the Canvas learning management platform, says it has reached an agreement with the ShinyHunters hacking group to recover stolen student data following a breach last week.

The ShinyHunters group claimed responsibility for breaching Canvas systems and threatened to publish 3.5 terabytes of student data unless ransom demands were met. Instructure confirmed the stolen data has been returned as part of the agreement. The attack forced Canvas offline briefly before the company restored service. ShinyHunters, a known cybercriminal group, had publicly threatened to leak the data online if their "settlement" demands were not satisfied. Details about the financial terms of the agreement remain undisclosed. Instructure has not specified what information was accessed during the breach or how many students were affected. Canvas serves millions of students and educators across K-12 schools and higher education institutions globally. The platform hosts course materials, assignments, grades, and other sensitive academic information. This incident adds to a growing list of education sector breaches targeting learning management systems. Schools and universities increasingly face sophisticated cyberattacks aimed at obtaining personal and financial data of students and staff. Instructure has not released a full security report detailing how the breach occurred or what preventive measures will be implemented. The company typically provides incident reports to affected institutions and users, though timelines vary. The agreement with ShinyHunters does not guarantee the data will not be sold or leaked through other channels. Cybersecurity experts note that such agreements with criminal groups offer limited assurance, as stolen data can be copied and distributed despite promises of deletion.

■ SOURCES

The Verge

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.

JUST NOWSecurity Desk

A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.

JUST NOWAI Desk

Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.

JUST NOWAI Desk

Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.

JUST NOWDev Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.