Hackers delete stolen Canvas data after deal

 
Hacking group Shinyhunters has returned the stolen data of more than 275 million Canvas users to Instructure. Whether the ransom demanded was paid is not known.

The hackers had stolen usernames, email addresses and messages from Canvas, an educational application used worldwide by around nine thousand institutions. The US company Instructure, the maker of Canvas, had to pay the ransom by 12 May at the latest, otherwise the data would be made public.

According to Instructure a deal has now been reached and the stolen data have been deleted. The company reports this on its website. Instructure also apologises and says that Canvas is safe to use again.

Whether ransom was paid in exchange for the deletion of the data has not been disclosed. The hackers have confirmed the deal, reports the NOS.

Dutch educational institutions were also affected by the hack. It involved seven universities and at least two universities of applied sciences that use Canvas. Students use the platform to view their timetables or grades. They can also send messages to classmates and lecturers.

Have the data actually been deleted? Instructure warns that there is never complete certainty when negotiating with cybercriminals. The company is conducting further investigation into the hack.