Stolen Canvas data was “returned” after hacker agreement, Instructure says

The article covers a data breach of Instructure/Canvas claimed by the extortion group ShinyHunters, noting Instructure reportedly paid the actor and that the stolen data was "returned" and logs "shredded." Exposed items include usernames, emails, course names, enrollment details, and private messages — data sufficient to enable targeted phishing and social engineering; the vendor states no passwords, DOBs, government IDs, or financial data were involved. Recommended actions for affected users include resetting Canvas passwords, enabling MFA, monitoring financial/credit activity, and remaining vigilant for personalized phishing attempts.