As discussed in our previous article, on May 7, 2026, Instructure experienced a significant data breach affecting Canvas, an online education management platform utilized by over 8,000 schools and universities across the country. ShinyHunters, a criminal hacking group, claimed responsibility for the attack and posted a ransom note with a deadline of May 12, 2026, for Instructure to negotiate a settlement. On May 11, 2026, Instructure publicly confirmed that it reached an agreement with ShinyHunters to pay an undisclosed ransom. The agreement allegedly covers all affected Instructure customers, eliminating the need for them to individually engage with the hackers. According to Instructure’s statement, as a result of the negotiation:
- The impacted data was returned to Instructure
- ShinyHunters provided digital confirmation that all exfiltrated data was destroyed/deleted (including shred logs)
- ShinyHunters provided assurances that no Instructure customers will be individually extorted as a result of this cyberattack
Instructure did not otherwise disclose the specific terms of the agreement or what it gave the hackers in exchange for the return of the impacted data.
While the agreement reduces the risk of the exfiltrated data being further disclosed, misused and/or publicly disseminated, it may not eliminate the legal obligations of Instructure and its institutional customers. Specifically, impacted customers should investigate the precise categories of data potentially at risk, and work with legal counsel to determine whether notification obligations persist. We are still awaiting more information from Instructure relating to impacted data. Instructure will provide a webinar and will continue to update its customers regarding the incident. We encourage all impacted institutions to continue consulting with counsel regarding their legal obligations in the wake of this breach. We will continue to provide updates as we receive more information.
To monitor updates regarding this breach, visit https://www.instructure.com/incident_update for the latest information from Instructure.
Thank you for associate Courtney Ryan for her assistance in drafting this memorandum.
[View source.]
