Unbiased AI-powered news
The company behind the education platform used by more than 30 million students reached an agreement with the hacking group that stole 3.5 terabytes of usernames, emails, enrollment records and messages. Canvas was restored within days but the incident disrupted exams at thousands of universities and K-12 districts across four countries.
therecord.mediaInstructure said Monday that it has reached an agreement with the hacking group ShinyHunters to secure the return and destruction of data stolen from its Canvas learning management platform during a breach discovered on April 29. The company paid the hackers, according to BBC News and The New York Times reporting, though it has not disclosed the amount.
In return ShinyHunters provided digital confirmation of the data’s destruction in the form of shred logs and promised that no Instructure customers would be extorted publicly or privately.
The agreement covers all impacted institutions. Canvas, which has more than 30 million active users globally and serves more than 8,000 institutions, was taken offline last week after a ransom note signed by ShinyHunters appeared on login pages for large public school systems and universities including Columbia, Princeton, Harvard and Georgetown.
The note gave affected schools until May 12 to negotiate a settlement.
The platform returned to full operation by Friday morning, though some universities and school districts extended deadlines and altered finals schedules because of the outage. Data accessed by ShinyHunters included students’ names, personal email addresses, usernames, course names, enrollment information and messages exchanged between teachers and students.
Course content, submissions and login credentials were not compromised, Instructure stated.
The company also disclosed that the group had breached its systems twice, once in September 2025 and again in April 2026, but said the incidents involved distinct systems. ShinyHunters previously claimed responsibility for compromising records of 275 million individuals and asserted access to several billion private messages as recently as May 3.
5 terabytes of student and university data if its demands were not met.
A representative later told outlets that the data had been deleted and that neither the company nor its customers would be contacted again for payment. Instructure CEO Steve Daly addressed customers directly. "Many of you dealt with real disruption.
Stress on your teams. Missed moments in the classroom. Questions you couldn’t get answered. You deserved more consistent communication from us, and we didn’t deliver it. I’m sorry for that," he wrote.
“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible." — Instructure statement The company added, "We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise," and advised, "There is no need for individual customers to attempt to engage with the unauthorized actor." The cyberattack affected an estimated 9,000 institutions in the U.S., Canada, Australia and the U.K. Exams were disrupted at multiple universities. At Mississippi State University a ransom message appeared on screens while students were completing a 2,900-word meteorology exam essay, prompting confusion over whether work had been saved and leading to postponed tests. The FBI mobilized resources in multiple states to assist victims. Instructure last week said the initial breach exploited Free-For-Teacher accounts. The company is organizing a webinar with leadership on May 13 across multiple time zones to provide further details on the attack and its efforts to harden systems. Instructure did not say what it had given the hackers in exchange for the stolen data. It continues to investigate the breach and work with expert vendors on forensic analysis and a comprehensive review of the data involved.”
These outlets didn't split into competing frames — coverage was uniform.
news.sky.comThe European Commission is reviewing expert recommendations for phased restrictions on children's social media access. President Ursula von der Leyen said new legislation could be proposed after the summer.
The European Union sanctioned nine people and four entities on July 13, 2026. Britain sanctioned 24 people and entities the same day over a network active since 2010.
globalnews.caTwenty-two member states pledged 30 to 35 gigawatts of new capacity by 2028 under the bloc's first tripartite deal. The European Commission will oversee annual progress tracking through 2028 as part of the Affordable Energy Plan.