TL;DR
Instructure has reached an agreement with the cybercriminal group ShinyHunters after two separate breaches. The hackers stole data affecting millions of students and staff but claim to have destroyed the data as part of the deal. The terms of the agreement remain undisclosed.
Instructure has reportedly reached an agreement with the hacking group ShinyHunters following two separate cyberattacks that compromised its systems and stole sensitive data, including personal information of students and staff. The deal, confirmed by the company on Tuesday, involves the hackers claiming to have destroyed the stolen data, potentially ending the threat to its customers. This development is significant as it highlights ongoing challenges in cybersecurity for educational technology providers and raises questions about the handling of ransom negotiations.
On Tuesday, Instructure announced that it had ‘reached an agreement’ with ShinyHunters, the cybercrime group responsible for the April 29 data breach and a subsequent attack last week. The hackers, who claimed to have stolen data from nearly 9,000 schools, had threatened to publish the information if their ransom demands were not met. According to Instructure, the hackers provided evidence that the stolen data was destroyed as part of the agreement, and the company emphasized that their customers would not be extorted further. The company did not disclose the financial terms of the deal or whether any ransom was paid.
The data stolen includes student names, personal email addresses, and private messages exchanged between teachers and students. The breach affected approximately 275 million individuals, according to the hackers. The second attack involved defacement of Canvas login pages on school websites, which the company described as a pressure tactic by the hackers. Instructure stated that the two breaches involved different systems and are considered separate incidents. The company is still investigating the breaches and has not publicly identified who is responsible or who oversees cybersecurity measures.
Why It Matters
This development matters because it underscores the persistent cybersecurity vulnerabilities faced by educational technology providers, which manage sensitive student and staff data. The decision to negotiate with hackers, especially without disclosing whether a ransom was paid, raises concerns about encouraging future extortion attempts. The incident also highlights the potential impact on thousands of schools and millions of students, emphasizing the importance of robust cybersecurity protocols in the education sector.
CYBERSECURITY DICTIONARY for Everyone: 1250 Terms Explained in Simple English
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Instructure’s breaches are part of a broader trend of cyberattacks targeting educational institutions and software providers. In 2024, PowerSchool, another major education software company, paid hackers after a massive data breach affecting 70 million students and staff. The FBI issued warnings advising victims not to pay ransom demands, citing risks of continued extortion and data retention by cybercriminals. ShinyHunters, the group responsible for the Instructure breaches, is known for financially motivated attacks and has previously targeted other organizations. The incident follows a pattern of cybercriminals exploiting vulnerabilities in educational systems, which often lack comprehensive security measures.
“We have reached an agreement with the hackers, and they have provided evidence that the stolen data has been destroyed.”
— Instructure spokesperson Brian Watkins
“The data is deleted, gone. The company and its customers will not be further targeted or contacted for payment by us.”
— ShinyHunters representative
Data Shredder Stick – Secure Data Wiping Tool for Windows, Permanently Erase Files and Wipe Drives with Military-Grade Precision
Securely Wipe Hard Drives – When files are deleted from hard drives, they are placed in unallocated space…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It remains unclear whether Instructure paid any ransom or if the hackers truly destroyed all the stolen data. The specifics of the agreement, including financial terms, have not been disclosed. Additionally, it is uncertain whether the company’s cybersecurity measures will be strengthened to prevent future breaches or if similar incidents could recur.
educational institution cybersecurity kits
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Instructure is expected to continue investigating the breaches and may update its cybersecurity protocols. Regulatory authorities and affected schools will likely monitor the situation for signs of further malicious activity. The company may also face scrutiny over its handling of the incident and the decision to negotiate with cybercriminals.
Incident Response for Windows: Adapt effective strategies for managing sophisticated cyberattacks targeting Windows systems
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
Did Instructure pay a ransom to the hackers?
The company has not disclosed whether a ransom was paid. The hackers claimed to have destroyed the data, but the details remain confidential.
What data was stolen in the breach?
The stolen data includes student names, personal email addresses, and private messages exchanged between teachers and students.
Will this affect the security of schools using Canvas?
The breach highlights vulnerabilities in security, and affected schools should review their cybersecurity measures and monitor for suspicious activity.
What are the legal or regulatory implications for Instructure?
Authorities may scrutinize the company’s response and cybersecurity practices, especially given the breach’s scale and impact.
