Unbiased AI-powered news
The parent company of the widely used education platform confirmed it struck a deal with the group Shiny Hunters, which had stolen 3.5 terabytes of data from an estimated 9,000 institutions. The breach, discovered on 29 April 2026, disrupted final exams at universities worldwide. Instructure received the data back and obtained digital confirmation of its destruction.
South China Morning PostInstructure, the parent company of Canvas, reached an agreement with the unauthorized actor behind a major cyber incident affecting its education platform. As part of the deal the stolen data was returned to Instructure, which also received digital confirmation of data destruction from the hackers in the form of shred logs.
The company was informed that no Instructure customers would be extorted as a result of the incident.
The agreement covers all affected Instructure customers and there is no need for individuals to engage with the hackers. Instructure's primary motivation was protecting students' and education staff data. "While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible," the company said.
The breach was discovered on 29 April 2026. 5 terabytes of student and university data. Shiny Hunters claimed responsibility for the breach and threatened to publish the stolen data unless a ransom was paid in bitcoin.
The initial ransom deadline set by Shiny Hunters was 6 May 2026. The group later extended the deadline. The breach began unfolding on Thursday 7 May 2026 or the days immediately prior, even though it had been discovered earlier.
A ransom note demanding payment in bitcoin appeared on screens during exams on the Canvas platform. Aubrey Palmer, a meteorology student at Mississippi State University, and other students had just finished writing a 2,900-word exam essay when the ransom message appeared on their screens. "My knee-jerk reaction was that I'd been hacked myself, because that's what it looked like," Palmer said.
The cyber-attack caused the Canvas service to go down, disrupting exams at thousands of universities and colleges. Some final exams were delayed in response to the breach. Mississippi State University announced some exams would be postponed to allow students to recover any lost work.
The data breach involved student ID numbers, email addresses, names and messages on the Canvas platform, according to Steve Proud. Instructure found no evidence that passwords, dates of birth, government identification or financial information were compromised.
Canvas is used by schools and universities to manage grades, digital lectures, course materials, discussion boards, messaging between students and instructors, quizzes, exams and final project submissions.
The attack created chaos for students and faculty members who were locked out of a platform they rely on for nearly all aspects of instruction. Shiny Hunters claimed it had hacked Canvas twice before the 29 April 2026 attack. The group also claimed it breached Instructure again in April 2026 ahead of the 29 April attack.
Instructure disclosed a breach in September 2025. Instructure is working with expert vendors to perform a forensic analysis, further harden its systems and carry out a comprehensive review of the data involved. The company will hold a webinar for its leadership on Wednesday to provide details of the attack and discuss measures to harden the system.
These outlets didn't split into competing frames — coverage was uniform.
news.sky.comThe European Commission is reviewing expert recommendations for phased restrictions on children's social media access. President Ursula von der Leyen said new legislation could be proposed after the summer.
The European Union sanctioned nine people and four entities on July 13, 2026. Britain sanctioned 24 people and entities the same day over a network active since 2010.
globalnews.caTwenty-two member states pledged 30 to 35 gigawatts of new capacity by 2028 under the bloc's first tripartite deal. The European Commission will oversee annual progress tracking through 2028 as part of the Affordable Energy Plan.