Canvas Owner Reaches Agreement With Cybercriminals After Ransomware Attack

Instructure's Canvas LMS was breached via an undisclosed flaw in the Free-For-Teacher support ticket system, resulting in the exfiltration of roughly 275 million records affecting nearly 9,000 institutions; the ShinyHunters-linked extortion group also defaced login portals at ~330 schools. Instructure reports it reached an agreement with the actor, received returned data and digital confirmation of destruction, revoked credentials and tokens, rotated keys, and is conducting forensic reviews while warning customers to expect phishing and other follow-on attacks.