United States education platform pays ransom to hackers
Read, Watch or Listen
United States-based Instructure, the developer of the widely used Canvas learning management system, has confirmed it paid a ransom to the cyber-extortion group ShinyHunters after a massive breach affecting education institutions worldwide. The company said it transferred the payment one day before a final deadline of May 12, 2026, following the theft of 3.6 terabytes of data linked to roughly 275 million users at more than 8,800 institutions, including major U.S. universities and K-12 school districts. Stolen information included student and staff names, email addresses, ID numbers and billions of private messages exchanged on the platform. The attackers escalated the incident on May 8 by defacing login portals at about 330 institutions, blocking access for students and faculty during critical final examination periods. United States investigators found that the hackers exploited a vulnerability in Canvas’s “Free-For-Teacher” account feature to bypass security boundaries and reach institutional data, prompting Instructure to disable that feature and deploy additional security patches. Chief executive Steve Daly said the company received digital confirmation of data destruction in the form of “shred logs” and assurances from ShinyHunters that it would not further extort Instructure’s customers, although the firm did not disclose the size of the ransom. The Federal Bureau of Investigation generally advises against paying ransoms, but Instructure said it proceeded with the settlement because of the immediate risks to student privacy and the disruption to academic operations during exams.
Prepared by Emily Rhodes and reviewed by editorial team.
Timeline of Events
- Early 2026 Hackers exploit Free-For-Teacher vulnerability
- Early 2026 Attackers access institutional Canvas data
- May 8, 2026 Login portals defaced at 330 institutions
- May 8, 2026 Students, faculty blocked during examinations
- May 11, 2026 Instructure pays ShinyHunters ransom demand
- May 11, 2026 Company receives digital shred log confirmations
- May 12, 2026 Final ransom payment deadline set
- Mid-May 2026 Instructure applies patches, disables feature
Why This Matters to You
Your data might be at risk if you're part of the 275 million users affected. Check if your school uses Canvas and change your password immediately. Be cautious of suspicious emails that could be phishing attempts.
The Bottom Line
This breach shows how vital cybersecurity is in our digital age, especially in education. Instructure's decision to pay the ransom, while controversial, aimed to protect student privacy and academic operations. Worth forwarding if you know someone in the education sector.
- Articles Published:
- 1
- Right Leaning:
- 0
- Left Leaning:
- 0
- Neutral:
- 1
- Distribution:
- Left 0%, Center 100%, Right 0%
Not specified in source.
Not specified in source.
Coverage of Story:
From Left
No left-leaning sources found for this story.
From Right
No right-leaning sources found for this story.
Comments