INSTRUCTURE REACHES DEAL WITH HACKERS AFTER TWO BREACHES
SECURITY DESK■ 2 MIN READ
TUE, MAY 12, 2026■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE
Canvas software maker Instructure announced an agreement with hackers who breached its systems twice, though the company offered no assurance the attackers will honor the deal or refrain from releasing stolen data.
Instructure, which provides Canvas learning management software to schools and universities worldwide, disclosed it has reached an agreement with the threat actors responsible for two separate security breaches.
The company did not disclose specific terms of the deal or explain what concessions were made. In a statement, Instructure said it "reached an agreement" with the hackers but provided no guarantees regarding data protection or the attackers' future conduct.
The lack of transparency raises significant questions about the effectiveness of such negotiations. Cybersecurity experts have long warned that paying or negotiating with threat actors provides no binding assurance that stolen data will be deleted or withheld from public release. Hackers can easily copy files before agreeing to terms, then distribute the information later for additional profit.
Instructure serves educational institutions across multiple continents, making any data breach a concern for millions of students and staff members. The nature of the information accessed during the two breaches has not been fully disclosed.
This incident highlights the difficult position organizations face when targeted by cybercriminals. Schools and universities often choose negotiation as a last resort to minimize potential harm, despite the inherent risks of dealing with attackers who operate outside legal systems.
The company has not announced whether it will notify affected users about the breaches or provide details on what data was compromised. Instructure said it is working to strengthen security measures, a standard response that typically follows major incidents.
The agreement comes as educational institutions increasingly face cyberattacks. Ransomware gangs and data thieves frequently target schools due to their valuable student and staff records, often combined with limited IT resources compared to larger enterprises.
Users of Canvas should monitor their accounts for suspicious activity and consider changing passwords as a precautionary measure.
■ SOURCES
► TechCrunch■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE
■ MORE FROM THE SECURITY DESK
Cybercriminals have transformed DDoS attacks into a polished, commercialized service complete with pricing tiers, customer support, and reseller programs. The DDoS-as-a-Service market has evolved from basic tools into sophisticated attack platforms.
23H AGO— Industry Desk
Microsoft faced backlash after threatening a security researcher with criminal investigation, reigniting debate over software vulnerability disclosure practices and corporate responsibility.
23H AGO— Security Desk
Google is deploying Device Bound Session Credentials (DBSC) to all Chrome users, a security feature designed to prevent account takeovers by protecting session cookies from theft.
23H AGO— Industry Desk
Dutch authorities have dismantled a major botnet comprising 17 million infected devices and seized over 200 servers hosting the operation at a local provider.
23H AGO— Security Desk