Instructure Confirms Ransom Agreement with ShinyHunters After 3.65TB Data Breach

Instructure, the U.S.-based parent company of the educational platform Canvas, confirmed it reached a ransom agreement with a decentralized cybercrime extortion group known as ShinyHunters after the threat actor breached its network. The attackers claimed to have exfiltrated 3.65TB of data, threatening to leak sensitive information from thousands of schools and universities. The company disclosed the agreement in an update shared on Monday, though no specific date for the breach or ransom payment details were provided. The incident targeted Instructure's infrastructure, impacting educational institutions reliant on Canvas. No technical indicators, CVE IDs, or further impact assessments were mentioned in the report.