Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an “agreement” with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online.
The company says over 30 million educators and students use its Canvas platform across more than 8,000 schools and universities worldwide.
In a Tuesday statement, Instructure said the cybercrime gang also returned the stolen data and provided shred logs confirming its destruction.
“We understand how unsettling situations like this can be, and protecting our community remains our top priority. With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident,” it said.
“We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise. This agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the unauthorized actor.”
However, as the FBI has repeatedly warned, paying a ransom does not guarantee that threat actors will not also sell the stolen data to other cybercriminals or attempt to extort the victims again.