Instructure says it agreed with hackers who stole 3.5 TB of Canvas student and staff data and received 'digital confirmation' that the files were deleted and that customers would not be extorted. The company declines to disclose terms, and law‑enforcement guidance warns payments can encourage more attacks and offer no guarantee of deletion.
— If educational platforms settle with criminals, it creates a precedent that shifts risk allocation from public enforcement to private bargains, shaping future attacker incentives, institutional security choices, and government policy on ransomware response.
BeauHD
2026.05.12
100% relevant
Instructure’s public statement that it received 'digital confirmation of data destruction' after a ransom‑style agreement covering all affected customers (3.5 TB of stolen student/university data).
← Back to all ideas