Instructure strikes deal with hackers who breached it twice

Instructure, the maker of the popular school information portal Canvas, said on Tuesday it has “reached an agreement” with the hackers who breached its systems twice, stole a huge amount of student and staff data, and disrupted thousands of schools that rely on the company’s software.

ShinyHunters, a financially motivated cybercrime group, took credit for the April 29 data breach, claiming to have stolen student and staff data, including personal information, of 275 million people. The hackers said they had compromised Canvas, which nearly 9,000 schools use to manage their students’ data and coursework.

The hackers last week breached the company for a second time, defacing the Canvas login pages on school websites, as part of efforts to pressure the company into paying their ransom.

Instructure said on its incident page late on Monday that as part of the agreement, the hackers had provided evidence that the stolen data was destroyed and that Canvas customers would not be extorted.

The company acknowledged that there is “never complete certainty” when negotiating with cybercriminals but noted that customers should not have to engage with the hackers.

Instructure strikes deal with hackers who breached it twice | TechCrunch

Other newsrooms on this story

Related reading

Instructure reaches 'agreement' with ShinyHunters to stop data leak

Other newsrooms on this story

Related reading

Instructure reaches 'agreement' with ShinyHunters to stop data leak

Canvas owner secures student data in deal with hacking group

Canvas parent settles with hacker group that stole user data

Instructure strikes deal with ShinyHunters before ransom deadline

Data stolen from Canvas returned, parent company says - UPI.com

Deal reached with hackers to delete data stolen from the Canvas educational…