Canvas parent settles with hacker group that stole user data

Instructure did not say what it had given the hacker group in exchange for the terms.

Instructure, the parent company behind Canvas, the education management platform reportedly hacked by ShinyHunters, has reached an agreement with the cyber gang, it said yesterday (11 May). Hackers had given affected universities until tomorrow (12 May) to negotiate a settlement.

As per the agreement, the cyber extortion group has returned stolen data and deleted copies, and has agreed not to extort the institutions affected in the hack, Instructure said. The company did not say what it had given the hacker group in exchange for the terms.

Reportedly formed around 2020, ShinyHunters has claimed responsibility for an array of high-profile, financially motivated attacks in recent years on organisations such as Salesforce, Allianz Life, SoundCloud, Ticketmaster and Tinder-parent Match Group.

The group was linked to a breach of the European Commission’s Europa.eu platform in March, where 350GB of data, across multiple databases, was reportedly accessed and stolen.

Canvas parent settles with hacker group that stole user data

Other newsrooms on this story

Related reading

Canvas platform strikes deal with hackers to delete students’ stolen data

Canvas hack: Company pays criminals to delete students' stolen data

ShinyHunters demands ransom after Canvas hack

Canvas platform hacked by ransomware group during finals - UPI.com

Cyber attack disrupts swath of US universities and schools nationwide

Security incident hits Canvas as finals loom for students across US