Canvas software maker Instructure announced an agreement with hackers who breached its systems twice, though the company offered no assurance the attackers will honor the deal or refrain from releasing stolen data.
Instructure, which provides Canvas learning management software to schools and universities worldwide, disclosed it has reached an agreement with the threat actors responsible for two separate security breaches.
The company did not disclose specific terms of the deal or explain what concessions were made. In a statement, Instructure said it "reached an agreement" with the hackers but provided no guarantees regarding data protection or the attackers' future conduct.
The lack of transparency raises significant questions about the effectiveness of such negotiations. Cybersecurity experts have long warned that paying or negotiating with threat actors provides no binding assurance that stolen data will be deleted or withheld from public release. Hackers can easily copy files before agreeing to terms, then distribute the information later for additional profit.
Instructure serves educational institutions across multiple continents, making any data breach a concern for millions of students and staff members. The nature of the information accessed during the two breaches has not been fully disclosed.
This incident highlights the difficult position organizations face when targeted by cybercriminals. Schools and universities often choose negotiation as a last resort to minimize potential harm, despite the inherent risks of dealing with attackers who operate outside legal systems.
The company has not announced whether it will notify affected users about the breaches or provide details on what data was compromised. Instructure said it is working to strengthen security measures, a standard response that typically follows major incidents.
The agreement comes as educational institutions increasingly face cyberattacks. Ransomware gangs and data thieves frequently target schools due to their valuable student and staff records, often combined with limited IT resources compared to larger enterprises.
Users of Canvas should monitor their accounts for suspicious activity and consider changing passwords as a precautionary measure.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.