Canvas hack: Company pays criminals to delete students' stolen data

The company behind the popular Canvas software, which was hacked last week causing major disruption at thousands of universities and colleges, has paid the hackers not to publish stolen data online.

The cyber-attack affected an estimated 9,000 institutions in the US, Canada, Australia and the UK, with exams disrupted after the Canvas service went down.

The hackers threatened to publish 3.5 terabytes of student and university data they had stolen in the breach.

Instructure, the maker of Canvas, has now confirmed it has "reached an agreement" with the hackers, who have said they deleted the data and promised not to extort any students or institutions.

Paying cyber criminals goes against the advice of law enforcement agencies around the world, as it can fuel further attacks and offers no guarantee the data has been deleted.

Canvas hack: Company pays criminals to delete students' stolen data

Other newsrooms on this story

Related reading

Canvas platform strikes deal with hackers to delete students’ stolen data

Canvas parent settles with hacker group that stole user data

The Canvas Hack Shows Ransomware Isn’t Going Anywhere

Canvas platform hacked by ransomware group during finals - UPI.com

Cyber attack disrupts swath of US universities and schools nationwide

Security incident hits Canvas as finals loom for students across US