ADVERTISEMENT

Canvas admits it paid hackers after finals-week cyberattack – but is student data truly safe?

Canvas by Instructure now admits it paid the hackers behind the massive finals-week cyberattack that disrupted schools worldwide and sparked fears about what could happen to potentially stolen student data.

University of Florida campus

Phelan M. Ebenhack/The Orlando Sentinel/Tribune News Service via Getty Images

Stefanie Schappert
Stefanie Schappert Senior Journalist
May 12, 2026 Updated: 13 May 2026 4 min read
Key takeaways:
Canvas ransomware attack
Students and faculty across North America reported being locked out of Canvas during finals week after an alleged ShinyHunters cyberattack disrupted the learning platform. Image by Cybernews.

CEO issues public apology after backlash

Instructure apology
Instructure CEO Steve Daly issued a public apology after the Canvas outage disrupted exams, assignments, and coursework at thousands of schools worldwide. Image by Cybernews.

Canvas claims “confirmation of data destruction”

ShinyHunters Canvas threats
ShinyHunters threatened to leak allegedly stolen Canvas data unless schools or Instructure negotiated before the group’s May 12th deadline. ShinyHunters victim posts. Image by Cybernews
ADVERTISEMENT

Questions still remain over student data exposure

Canvas, webpage in background
Universities across the US and Canada scrambled to respond as students reported outages during one of the busiest weeks of the academic year. CFOTO/Future Publishing via Getty Images
School students online
Instructure says the breach stemmed from a vulnerability tied to Canvas’ “Free for Teacher” environment, which has since been temporarily disabled. Image by namaki | Shutterstock
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

ADVERTISEMENT