Skip to Content
CNN - National

Data stolen in Canvas hack that hit thousands of schools has been returned, company says

By
Published 8:20 AM

By Rebekah Riess, Ramishah Maruf, CNN

(CNN) — Data stolen in a cyberattack that shut down an education platform used by universities and K-12 schools across the US last week has been returned to the platform’s parent company, Instructure, according to an update the company posted Monday.

Canvas, a popular, cloud-based digital hub for classrooms, has more than 30 million active users globally, with more than 8,000 institutions as customers, according to Instructure.

A ransom note signed by a hacking group appeared on the homepage of Canvas sites for large public school systems and top universities like Columbia, Princeton, Harvard and Georgetown last Thursday.

The hacking group ShinyHunters claimed to have “breached” the platform’s parent company, according to a screenshot obtained by CNN. The group said impacted schools had until May 12 “to negotiate a settlement.”

ShinyHunters previously claimed it had breached 275 million individuals’ data and had access to “several billions of private messages,” according to a ransom note shared by Ransomware.live on May 3, which tracks ransomware attacks and groups.

Data accessed by the hacking group included information like usernames, email addresses, course names, enrollment information and messages, according to Instructure. Course content, submissions and credentials were not compromised, the company said.

Instructure said it received digital confirmation of the data’s destruction, called “shred logs,” from the hacking group, the company said. “We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise,” the update said.

The agreement between the hackers and Instructure covers all impacted customers, the company said. “There is no need for individual customers to attempt to engage with the unauthorized actor,” the company said.

“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” the update said.

Instructure said it is organizing a webinar with company leadership to detail information about the attack and its efforts to harden the system. The company said it expects the webinar to take place on May 13 across multiple time zones.

The FBI mobilized resources in multiple states to assist victims of the hack, a source familiar with the matter told CNN.

Canvas was “fully back online and available for use” Friday morning, Instructure said. Universities and school districts throughout the country reported their Canvas pages were back up and running, though some schools had already extended deadlines and changed finals schedules because of the hack.

“Many of you dealt with real disruption. Stress on your teams. Missed moments in the classroom. Questions you couldn’t get answered. You deserved more consistent communication from us, and we didn’t deliver it. I’m sorry for that,” Instructure CEO Steve Daly wrote in a message to customers.

The-CNN-Wire
™ & © 2026 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.

CNN’s Hanna Park and Emma Tucker contributed to this story.

Article Topic Follows: CNN - National

Jump to comments ↓

CNN Newsource

BE PART OF THE CONVERSATION

ABC 17 News is committed to providing a forum for civil and constructive conversation.

Please keep your comments respectful and relevant. You can review our Community Guidelines by clicking here

If you would like to share a story idea, please submit it here.