The company at the centre of a cyber attack involving online learning platform Canvas, which is used right across Australia, says it has reached an 'agreement' with the hackers responsible.
Canvas is a learning management software used by educational facilities across the world, and was recently at the centre of a data hack. The company at the centre of a cyber attack involving online learning platform Canvas says it has reached an "agreement" with the hackers responsible, with Instructure 's CEO offering an apology to those affected.
The data breach involved the theft of large amounts of data, including student ID numbers, email addresses and messages on the learning platform. Instructure says it has received assurances from the hackers that no one will be extorted with the stolen information, but says it's continuing to investigate the data breach. The company at the centre of a cyber attack involving the details of millions of students globally this month says it has "reached an agreement" with the hackers.
Hundreds of thousands of students have been unable to access schoolwork or submit assessments as access to Canvas has been paused. It involved the theft of large amounts of data, including student ID numbers, email addresses, enrolment information and messages on the learning platform. Instructure, the US company that developed Canvas, has published an update to its website, indicating that it has negotiated for the information not to be leaked.
"We understand how unsettling situations like this can be, and protecting our community remains our top priority," the update said. "With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident. " The company said, as part of that agreement, the data had been returned along with digital confirmation of it being destroyed by the hackers.
Instructure says all data accessed in the hack has been returned by the hackers, and that no customers will be extorted as a result.
"We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise," the company said. "While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible.
" Instructure said the agreement covered all impacted institutions and that there was no need for any individual school or university to attempt to engage with the hackers. More than 500 data breaches were reported in Australia over the first half of 2025 alone, but there are some ways you can minimise your risk of being caught up in one.
Last week, students and teachers who logged in to Canvas were greeted with a warning that the information would be leaked, unless institutions negotiated a settlement with ShinyHunters by the end of May 12. Canvas is a digital hub used by schools and universities for submitting assignments, taking exams, checking grades and communication between teachers and students. The platform is used by a large number of schools, universities and other educational institutions across Australia, the United States and Canada.
Instructure chief executive Steve Daly has also published a message on the company's website, apologising for the breach and communication issues.
"Over the past few days, many of you dealt with real disruption. Stress on your teams. Missed moments in the classroom," Mr Daly said. Public information about the hack last week was largely limited to updates on Instructure's status page and information from the hacking group itself.
Crackdowns and lawsuits over data breaches take years. Experts say "the right to erasure" would help individuals hold corporations to account. Mr Daly said the company made the decision to "get the facts right" before speaking publicly and that it had "got the balance wrong". He said the data breach was the result of a vulnerability regarding support tickets in the service's Free for Teacher accounts, which was exploited. Analysis by Ian Verrender
Cybercrime Canvas Instructure Shinyhunter Education System Data Protection
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Strategic Financial Planning Amidst Australia's Rising Interest Rates and Recession FearsAs the Reserve Bank of Australia continues to raise interest rates, financial experts provide critical advice on debt reduction, emergency savings, and career stability to help households weather a potential economic downturn.
Read more »
Deadline set by cybercriminal group looms, as some institutions regain Canvas accessAustralian universities and education departments have begun regaining access to online learning platform Canvas, after being caught up in a breach last week. However, the deadline set by the hackers continues to count down.
Read more »
Adelaide University students express concerns over Canvas outage and breachAdelaide University students and Bachelor of Music Theatre students express concerns over the Canvas outage and breach, which affected thousands of educational institutions worldwide. They question the communication and security measures of the institution and the reliance on third-party providers.
Read more »
Michelin Guide to South Australia: State Government Deals with Tourism AustraliaThe Michelin Guide is coming to South Australia to publish its first Australian edition next year, after the state government brokered a multimillion-dollar deal that Tourism Australia twice declined. The guide will send restaurant inspectors to review fine-dining restaurants within their star and Bib Gourmand (value) rating system, with results to be published exclusively online.
Read more »