Instructure Faces Second Cyberattack by ShinyHunters, Sparking Debate on Ransom Payments

Instructure, the company behind the education platform Canvas, was attacked for a second time by the threat actor ShinyHunters on May 7, 2026. Media outlets have sought details on whether Instructure paid a ransom to ShinyHunters following the breach, though the company has not explicitly disclosed payment status in its updates. The incident has sparked ongoing debate about the ethics and efficacy of paying ransom demands in cyberattacks. Instructure had previously pledged to improve transparency regarding security incidents but has not provided full clarity on the payment issue. The breach affects the U.S. education sector, with discussions centering on incident response strategies.