Share
Instructure, the developer of education platform Canvas, has paid an undisclosed sum to cybercriminals to prevent the release of 3.5 terabytes of stolen student and university data.
The agreement followed a massive security breach discovered on April 29 that paralyzed operations at roughly 9,000 institutions across the UK, US, Canada, and Australia. The attack, claimed by the prolific extortion group ShinyHunters, targeted the cloud-based platform during peak exam season, causing widespread system outages and direct disruption to students.
ShinyHunters, an English-speaking group known for targeting high-profile entities including Gucci and Jaguar Land Rover, allegedly gained access via vulnerabilities in Instructure’s infrastructure. The group reportedly infiltrated the company twice over the past year.
During the most recent attack, students at Mississippi State University reported ransom notes appearing on their screens in the middle of online exams, leading the university to postpone assessments.
In a statement, Instructure confirmed it reached a settlement with the hackers to secure “digital confirmation of data destruction.” The company maintained that the agreement covers all affected customers, ensuring that neither institutions nor individual students would be further extorted.
“While there is never complete certainty when dealing with cybercriminals, we believe it was important to take every step within our control to give customers additional peace of mind,” the company stated.
The decision to pay the ransom contradicts standing advice from global law enforcement agencies, including the UK’s National Crime Agency and the FBI.
Authorities warn that payments fuel the cyber-criminal ecosystem and offer no technical guarantee that data is actually deleted. Recent investigations into other groups, such as LockBit, revealed that hackers often retain copies of stolen data for future sale or leverage even after being paid.
The breach has sparked a debate over the vulnerability of educational infrastructure. ShinyHunters, which typically operates via encrypted chats and demands payment in Bitcoin, refused to comment on the stress caused to students, simply stating they had “no comment” on the disruption.
As universities work to restore full service, the incident highlights a growing trend of “consent or pay” dynamics in digital security, where the safety of personal information is increasingly tied to financial negotiations between tech firms and global extortionists.
Related Posts
Discover more from Tech Digest
Subscribe to get the latest posts sent to your email.