American ed-tech giant Instructure, the company behind the widely used Canvas learning platform, confirmed Monday that it reached a ransom agreement with the ShinyHunters hacking group to prevent the leak of 3.65 terabytes of stolen data. The breach, which occurred last month, exposed personal information from thousands of schools and universities across the U.S., including student records, staff details, and internal communications.

The hackers, known for selling stolen data on dark web forums, claimed they had accessed Canvas servers and databases containing sensitive files. In a Monday update, Instructure said it ‘reached an agreement with the unauthorized actor involved in this incident’ without disclosing the ransom amount. The company added that it had ‘contained the incident’ and was working with law enforcement and cybersecurity experts to assess the full scope of the breach.

Canvas, one of the most popular learning management systems in the U.S., serves over 4,000 higher-education institutions and 40 million users. The platform is a critical tool for remote and hybrid learning, making the breach particularly alarming for educators and students. Schools that rely on Canvas for assignments, grades, and communication now face potential disruptions and reputational damage.

Cybercriminals Targeted Canvas for Months

ShinyHunters, a decentralized extortion group, has gained notoriety for high-profile breaches, including attacks on Microsoft and T-Mobile in recent years. Security researchers say the group often uses phishing emails or unpatched software vulnerabilities to gain access to corporate networks. Once inside, they steal data, encrypt files, and demand payment to prevent leaks or restore access.

Instructure’s breach appears to have started with a compromise of one of its third-party vendors, according to a person familiar with the investigation. The hackers then moved laterally within Instructure’s systems, accessing databases that store user credentials, course materials, and administrative records. The stolen data includes names, email addresses, and in some cases, Social Security numbers and financial information.

Schools Scramble to Respond

Universities and K-12 districts connected to the breach are now notifying affected students and staff. Some institutions have temporarily suspended Canvas logins while they review their security protocols. Others are urging users to change passwords and enable two-factor authentication as a precaution.

The breach comes at a time when schools are already under pressure from ransomware attacks and phishing scams. Just last month, the Los Angeles Unified School District was hit by a cyberattack that disrupted operations for weeks. Education institutions have become prime targets for cybercriminals due to their valuable data and often limited cybersecurity budgets.

Instructure has not released a full list of affected schools, but the incident could impact millions of users. The company says it’s ‘committed to transparency’ and will provide updates as more details emerge. For now, students and staff using Canvas should monitor their emails for breach notifications and take steps to secure their accounts.

What happens next? Instructure will likely face regulatory scrutiny and potential fines under laws like the Family Educational Rights and Privacy Act (FERPA), which protects student records. The company may also face lawsuits from affected users. Meanwhile, ShinyHunters could still sell or leak the data if they believe they can profit from it. Law enforcement agencies are now tracking the group’s movements across the dark web.

What You Need to Know

• Source: The Hacker News
• Published: May 12, 2026 at 07:37 UTC
• Category: Security
• Topics: #hackernews · #security · #vulnerabilities · #instructure-reaches-ransom · #agreement · #shiny

Read the Full Story

This is a curated summary. For the complete article, original data, quotes and full analysis:

Read the full story on The Hacker News →

All reporting rights belong to the respective author(s) at The Hacker News. GlobalBR News summarizes publicly available content to help readers discover the most relevant global news.

---

Curated by GlobalBR News · May 12, 2026

---

🇧🇷 Resumo em Português

Um grupo de hackers ameaçou expor dados sigilosos de milhões de estudantes brasileiros e internacionais. Para evitar o vazamento de 3,65 TB de informações confidenciais de usuários do Canvas — plataforma amplamente adotada por escolas e universidades no Brasil —, a Instructure, empresa que desenvolve a ferramenta, pagou um resgate ao grupo criminoso ShinyHunters. O ataque expôs não apenas dados acadêmicos, mas também informações pessoais, como nomes, endereços de e-mail e, em alguns casos, números de telefone e endereços físicos.

O vazamento coloca em xeque a segurança de uma das principais plataformas de educação digital no país, usada por instituições como a USP, Unicamp e inúmeras redes de ensino públicas e privadas. Especialistas alertam que o Brasil, alvo frequente de ciberataques devido à digitalização acelerada da educação e à falta de investimentos robustos em cibersegurança, pode ter sido fortemente impactado. Além disso, a exposição de dados de estudantes — muitos deles menores de idade — levanta preocupações sobre possíveis golpes, sequestros de identidade e assédio digital, exigindo respostas rápidas das autoridades e das próprias instituições de ensino.

Agora, resta saber se os dados vazados serão realmente destruídos pelos hackers ou se circularão em fóruns clandestinos, bem como quais medidas a Instructure e o governo brasileiro tomarão para fortalecer a proteção de informações tão sensíveis em um ambiente cada vez mais conectado.