Instructure, the parent company of Canvas, has reached an agreement with hackers to delete data stolen during a major breach. The cyberattack disrupted final exams for millions of students at thousands of U.S. colleges and K-12 schools.
Key Takeaways
Instructure struck a deal with hackers to delete data stolen from Canvas after a major breach disrupted final exams for millions of students. The company confirmed the return of sensitive information but acknowledged uncertainty about complete erasure.
- Instructure reached an agreement with ShinyHunters to destroy stolen data
- Hackers returned compromised information, including student IDs and email addresses
- No evidence found that passwords or financial details were taken
- Universities canceled or postponed exams due to the disruption
The ShinyHunters hacking group claimed responsibility for the breach, which affected 30 million users at half of North American higher education institutions. The group threatened to release sensitive data from nearly 9,000 schools worldwide unless affected institutions negotiated settlements by May 12, 2026.
Instructure confirmed that identifying information like names and email addresses was compromised but stated there is no evidence that passwords or financial details were taken. The company temporarily shut down its Free-for-Teacher accounts as a precautionary measure and has been working with expert vendors to conduct a forensic analysis and further harden its systems.
The breach caused significant disruptions, with several universities across California and other states postponing or canceling final exams. Student newspapers at Harvard, the University of Pennsylvania, Duke, UCLA, and the University of Nebraska reported being blocked from using Canvas and saw messages from ShinyHunters claiming to have data tied to nearly 9,000 schools.
Instructure detected unauthorized activity on April 29, 2026, and immediately revoked the hacker's access. The company identified additional unauthorized activity on May 7 but found no evidence that further data was taken during this incident. Instructure has not publicly verified the full scale of ShinyHunters' claims.
The disruption highlighted vulnerabilities in relying on a single centralized platform for academic operations and raised concerns about data privacy and cybersecurity in educational settings. Many institutions advised users to be vigilant against phishing attempts, with some schools taking additional measures such as disabling Canvas access until they were confident in the system's security.
How this summary was created
This summary synthesizes reporting from 6 independent publishers using AI. All sources are cited and linked below. NewsBalance is a news aggregator and media literacy tool, not a news publisher. AI-generated content may contain errors or inaccuracies — always verify important information with the original sources.