{"id":212888,"date":"2026-05-12T17:32:00","date_gmt":"2026-05-12T21:32:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/12\/canvas-owner-reaches-agreement-with-threat-actors-after-data-breach\/"},"modified":"2026-05-12T17:40:06","modified_gmt":"2026-05-12T21:40:06","slug":"canvas-owner-reaches-agreement-with-threat-actors-after-data-breach","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/12\/canvas-owner-reaches-agreement-with-threat-actors-after-data-breach\/","title":{"rendered":"Canvas owner reaches \u2018agreement\u2019 with threat actors after data breach"},"content":{"rendered":"<p><a href=\"https:\/\/www.highereddive.com\/news\/canvas-owner-reaches-agreement-with-threat-actors-after-data-breach\/820049\/\">Canvas owner reaches \u2018agreement\u2019 with threat actors after data breach<\/a><\/p>\n<p><a href=\"https:\/\/www.highereddive.com\/news\/canvas-owner-reaches-agreement-with-threat-actors-after-data-breach\/820049\/\">https:\/\/www.highereddive.com\/news\/canvas-owner-reaches-agreement-with-threat-actors-after-data-breach\/820049\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-12 17:32:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.highereddive.com\">www.highereddive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>        Listen to the article<\/p>\n<p>            6 min<\/p>\n<p>            This audio is auto-generated. Please let us know if you have feedback.<\/p>\n<p>Instructure \u201creached an agreement\u201d with an unauthorized threat actor on Monday, just days after cybercriminals twice \u2014 within a little over a week \u2014 infiltrated the ed tech provider\u2019s Canvas learning management system.\u00a0\u00a0<br \/>\nThe latest cybersecurity incident on Thursday caused sweeping disruptions to colleges\u00a0and K-12 schools nationwide after the cybergang ShinyHunters posted a message that was seen by some users on their Canvas platforms. The post said that colleges could negotiate a settlement with ShinyHunters by Tuesday \u2014 the same deadline given to Instructure.<br \/>\nCybersecurity experts suggest Instructure\u2019s agreement appears to be a ransomware payment, a practice the FBI strongly discourages.\u00a0<\/p>\n<p>Instructure said that as a part of its agreement with an unnamed threat actor, the stolen data was returned to the ed tech company, and it had received digital confirmation of data destruction in the form of \u201cshred logs.\u201d The threat actor said no Instructure customers will be extorted from this incident, Instructure said, and no individuals impacted by the breach will need to engage with them.<br \/>\n\u201cWhile there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,\u201d Instructure said in a Monday statement on its website.\u00a0<br \/>\nNo \u2018guarantee\u2019 data will be deleted<br \/>\nShinyHunters has been confirmed as the group behind the Canvas cyberattack, as it posted about the initial incident to its leak site on May 3, said Rebecca Moody, head of data research at Comparitech, a cybersecurity and online privacy product review website, in a Tuesday statement.\u00a0<br \/>\nIn its May 3 post, ShinyHunters claimed to have stolen 3.65 TB of data from about 275 million users across 9,000 institutions worldwide, according to Moody. Instructure has not confirmed how many coleges or users were impacted by the recent data breaches.\u00a0<br \/>\n\u201cThis post and the individual school-by-school threats ShinyHunters has sent likely put pressure on Instructure to meet the ransom demands to try and prevent data from being leaked,\u201d Moody said. \u201cHowever, let&#8217;s not forget that ShinyHunters are cybercriminals. Even by paying this ransom demand, Instructure cannot guarantee the data will be deleted.\u201d<br \/>\nSeveral class action lawsuits have already been filed against Instructure in federal district courts over the data breach.\u00a0<\/p>\n<p>Instructure confirmed last week that hackers gained unauthorized access to its systems through its Free for Teachers platform on April 29 and May 7. The exposed data included usernames, email addresses, course names, enrollment information and messages, Instructure said. The company added that \u201ccore learning data (course content, submissions, credentials) was not compromised,\u201d and Canvas is now fully operational and safe to use.\u00a0<br \/>\nMichael Klein, senior director for preparedness and response at the Institute for Security and Technology, said that while he agrees with the FBI in most cases that organizations should not pay ransoms to cybercriminals after a data breach, sometimes there are situations in which the compromised data could cause physical harm \u2014 such as a ransomware attack on a hospital. In that situation, paying a ransom might be necessary, he said.\u00a0<br \/>\nWith the Instructure incident, however, Klein said he doesn\u2019t think the reported data that was compromised falls under such a scenario that would necessitate a payment.\u00a0<br \/>\n\u201cAlso, you can&#8217;t trust that a cybercriminal group is going to keep their word and not then go and extort all of the people downstream of that anyway,\u201d Klein said.<br \/>\nThe need for federal, state supports\u00a0<br \/>\nWhen PowerSchool got hacked in December 2024, Klein was working at the U.S. Department of Education as the senior advisor for cybersecurity. At the time, he was able to convene 41 states and Guam within a few days to share information on the incident including how to understand the challenges, communicate with the company, and mitigate the impact for schools.\u00a0<br \/>\nFast forward to the latest cyberattack on Instructure, and that federal authority and structure no longer exists, Klein said. In his own capacity at the Institute for Security and Technology, Klein said he was only able to convene 22 states on Friday to hold a similar conversation about Instructure after the \u201cwidespread\u201d and \u201cunderstandable freakout\u201d from Thursday\u2019s incident that caused disruptions for many school and college systems.\u00a0\u00a0\u00a0<br \/>\nWhen the Education Department convened states a year and a half ago during the PowerSchool incident, that protected gathering was made possible through the Critical Infrastructure Partnership Advisory Council, Klein said. A little over a year ago, however, the U.S. Department of Homeland Security ended that council\u2019s authority, he said.\u00a0<br \/>\nA DHS secretary could restore that authority without Congress, Klein said, and then the federal government could immediately assemble similar convenings again.<br \/>\nKlein added that restoring funding for the federal Multi-State Information Sharing Analysis Center, or MS-ISAC, could give school districts and state education agencies no-cost access to as much cybersecurity threat information as possible.\u00a0<br \/>\n\u201cThis incident, as well as the PowerSchool incident, demonstrates the importance of support from the federal and state level in order to build capacity for institutions that cannot do this work themselves,\u201d Klein said.<br \/>\nMeanwhile, on Tuesday, the Software &#038; Information Industry Association sent letters to lawmakers in both chambers of Congress calling for a $36 million investment in the FY 2027 budget to ensure schools have access to digital security services.\u00a0<\/p>\n<p>SIIA called for $20 million to fund MS-ISAC and $10 million for the Readiness and Emergency Management for Schools Technical Assistance Center to reestablish a central hub for school-specific cyber-incident management. The group also urged that another $6 million is needed to support the Education Department in its role as the leading agency for coordinating educational cybersecurity.<br \/>\n\u201cFollowing the 2025 federal funding shifts that resulted in the \u2018offboarding\u2019 of school districts from essential threat monitoring services and the shuttering of key technical assistance centers, America\u2019s K-12 education sector is currently at its most vulnerable state in a decade,\u201d said SIIA\u2019s letter to leaders on the Senate Appropriations Subcommittee on Labor, Health and Human Services, Education, and Related Agencies.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Canvas owner reaches \u2018agreement\u2019 with threat actors after data breach https:\/\/www.highereddive.com\/news\/canvas-owner-reaches-agreement-with-threat-actors-after-data-breach\/820049\/ Publish Date: 2026-05-12 17:32:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":212890,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/tOqPwLTyb_LMNE5tf52AiHIezDFl2URR0n9N3WlK8dQ\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMzQzMzQ5NTU4LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,34],"class_list":["post-212888","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212888"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=212888"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212888\/revisions"}],"predecessor-version":[{"id":212892,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212888\/revisions\/212892"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/212890"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=212888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=212888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=212888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}