Canvas back online after hack

Canvas is the software layer a lot of schools quietly run on. Assignments live there. Exams live there. Grades, messages, course files — same place. So when Canvas went down during finals week after a cyberattack, this was not some abstract IT story. It was the academic plumbing breaking at the worst possible moment, and now the new twist is that Instructure says it made a deal with the hackers to get stolen data back and stop customer extortion. ### What actually happened? Instructure, the company behind Canvas, said on May 12 that it reached an agreement with the attackers tied to the breach. The company says the hackers returned the stolen data, provided what it called digital proof that remaining copies were destroyed, and agreed not to extort Canvas customers. The group widely tied to the attack is ShinyHunters — a name that has shown up in other big data theft and extortion cases. (status.instructure.com) ### Why did this hit so hard? Because Canvas is not just a website students occasionally check. It is where many colleges and schools run the semester. When the service was forced into maintenance mode on May 7, schools lost access right in the middle of final exams, assignment deadlines, and grading. Instructure’s status page shows Canvas returning for most users later that day, with more recovery work continuing through May 11. (bloomberg.com) ### What data was taken? The company’s public line is narrower than the hackers’ claims. Instructure says attackers accessed usernames, email addresses, and enrollment information. Other school notices and follow-up reporting say some affected records may also have included student ID numbers and messages. Instructure says its investigation found no evidence that passwords, dates of birth, government identifiers, or financial information were stolen. (status.instructure.com) ### Did Instructure pay? That is the part the company has not fully spelled out. Instructure says it “reached an agreement,” but it has not publicly detailed what it gave up in exchange. That matters because “we got the data back” is not the same thing as “the risk is gone.” In cyber extortion, a promise to delete data is basically a trust exercise with criminals. Better than a leak, maybe — but not certainty. (bloomberg.com) ### Why are schools still on edge? Because the outage was only phase one. Phase two is notifications, phishing risk, and campus-by-campus cleanup. Even if passwords were not taken, names, school emails, enrollment details, and IDs can still fuel convincing scam messages. That is especially true right after a public breach, when students are already primed to click anything that looks like an urgent school notice. (techcrunch.com) ### Was this just a one-off break-in? Probably not in the comforting sense. Reporting around the incident says this was the second time Instructure had been hit by ShinyHunters within about eight months. Instructure has also posted an incident change log showing new security controls and tighter admin protections rolling out after the breach. That tells you the company is treating this as more than a temporary outage fix. (cyberguy.com) ### What should schools care about now? Not just uptime. Governance. If a platform used by roughly half of North American colleges can go dark during finals, every campus has to think about contingency plans — alternate exam workflows, backup communications, and what data really needs to sit in a third-party system. The hack turned a software dependency into a board-level risk question. (businessinsights.bitdefender.com) ### Bottom line? Canvas being back online is the easy part. The harder part is that schools now have to keep teaching through a breach they did not cause, cannot fully verify is over, and still have to explain to students and staff. (status.instructure.com) (inquirer.com)