The instruction strikes against hackers who have violated it twice

Instructure, the maker of the popular school information portal Canvas, said Tuesday it had “reached an agreement” with hackers who breached its systems twice, stole a massive amount of student and employee data, and disrupted thousands of schools that relied on the company’s software.

ShinyHunters, a financially motivated cybercrime group, claimed responsibility for the data breach on April 29, alleging that it stole student and employee data, including personal information, for a total of 275 million people. The hackers said they breached Canvas, which nearly 9,000 schools use to manage their student and course data.

Last week, hackers hacked the company for the second time. Defacing Canvas login pages on school websitesas part of efforts to pressure the company to pay the ransom.

The instructions said on Incident page Late Monday, as part of the agreement, the hackers provided evidence that the stolen data would be destroyed, and that Canvas customers would not be extorted.

The company acknowledged that “there is never complete certainty” when negotiating with cybercriminals, but noted that customers should not deal with hackers.

The financial terms of the agreement were not disclosed, and Instructure did not say how much it paid the hackers. Instructure spokesman Brian Watkins did not respond to a request for comment or answer questions about the agreement when contacted Tuesday.

In a post on his leak site, which was seen by TechCrunch, ShinyHunters was threatening to publish stolen data he stole from Instructure if the company did not pay the blackmail demand.

As of Tuesday, the listing had been removed from the ShinyHunters page, suggesting a ransom may have been paid.

A representative from ShinyHunters told TechCrunch: “The data has been deleted, gone. The company and its customers will not be targeted or contacted for payment by us.”

It is not clear why Instructure paid the hackers. Governments, including the United States, have He urged for a long time Victims of cybercrimes should not pay ransom to hackers, as this helps cybercriminals profit from their attacks. Security researchers have argued so Victims cannot trust the word of malicious hackers – Some cyber criminals have been found Hold on to stolen data Although they say they deleted it so they could continue to blackmail their victims.

The hack on Instructure mirrors a cyberattack on PowerSchool, which was I had a massive data breach This will impact 70 million students and staff in 2024. PowerSchool, which also makes school information software, Paid the pirates To return stolen data, but many of its customers were She is later blackmailed by another crime group That showed data from the hack that had not been destroyed.

The FBI said In a statement It said last week that it was “aware” of a system disruption affecting schools and educational institutions across the United States. The notice did not name Canvas, but said victims should “not send money or respond” to cybercriminals’ demands.

The data stolen from Instructure, some of which was viewed by TechCrunch, includes students’ names, personal email addresses, and messages exchanged between teachers and students, including private and personal information.

Instructure acknowledged on its website that hackers had breached the company’s systems twice in less than a year, but said the two breaches were “separate events” involving different systems.

Instructure said it is still investigating the breach and validating its findings.

It’s not clear who oversees or is responsible for cybersecurity at Instructure, if not the company’s CEO, Steve Daly. When contacted by TechCrunch, Instructure did not say whether Daly planned to resign following the data breaches.

Are you a Canvas administrator or school that has been notified of the violation? Have you received a blackmail request from hackers? We want to hear from you. To communicate securely with this reporter, connect via your Signal username Zackwitaker.1337.