Instructure, the parent company of the online learning system Canvas, reported a cyberattack that occurred on May 7. The attack, which shut down the platform for hours, caused chaos for students and faculty and delayed some final exams. Canvas is used by thousands of schools and universities worldwide.
A hacking group known as ShinyHunters claimed responsibility for the breach. The group threatened to leak data involving 275 million individuals and nearly 9,000 schools across the globe unless a ransom was paid.
Instructure announced it has since reached an agreement with the unauthorized actor involved in the incident. As part of the deal, the hackers pledged to return and delete the stolen data and promised not to extort the software maker's customers.
While Instructure apologized and stated that Canvas remains safe to use, the company did not disclose what was given to the hackers in exchange for the data. Furthermore, the company provided no guarantees that the hackers would not release the data or keep their word.