Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?

Instructure's Canvas platform was reportedly breached by the ShinyHunters extortion group, which claimed to have exfiltrated ~3.6 TB of data — personal information for roughly 275 million students and staff across about 9,000 schools — after exploiting a vulnerability in the "Free for Teacher" software; the company says data was "returned" and shown as destroyed following an agreement with the actor, raising questions about ransom payments, verification of data deletion, and legal/policy implications.