Instructure, the parent company of the widely-used educational platform Canvas, has confirmed that it has negotiated an agreement with the ShinyHunters cybercrime group following a significant data breach. The breach resulted in the theft of 3.65TB of sensitive information encompassing data from thousands of schools and universities. The agreement aims to halt the potential leak of this information, which could have severe implications for the institutions involved and their stakeholders.
For businesses, particularly in the education sector, this incident underscores the critical need for robust cybersecurity measures and proactive incident response strategies. Organizations must prioritize securing sensitive data and ensure that they are prepared for the growing threat of ransomware and data extortion. The negotiation highlights the complex dynamics between cybercriminals and organizations, emphasizing the importance of legal and technical preparedness in addressing cyber threats. As cyberattacks continue to evolve, understanding the motivations and tactics of cybercriminals will be essential for developing effective defenses and safeguarding sensitive information.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html)*