LIVE: Canvas hack resolved as company pays criminals to delete stolen student data

In a move that raises serious questions about corporate accountability, Instructure, the company behind the widely used education platform Canvas, has confirmed it paid an undisclo...

By Marcus Stone

Published 13 May 2026·2 min read

LIVE: Canvas hack resolved as company pays criminals to delete stolen student data

Photo by The British Wire Photography on Unsplash

In a move that raises serious questions about corporate accountability, Instructure, the company behind the widely used education platform Canvas, has confirmed it paid an undisclosed sum to a ransomware group to delete student data stolen in a recent breach. Sources within the company, speaking on condition of anonymity for fear of reprisals, confirm that the decision was made late Tuesday evening after negotiations with the hackers broke standard protocol.

The hack, which compromised the details of millions of students across multiple institutions, was first detected on Monday. Instructure initially claimed no data had been exfiltrated. But internal documents leaked to this desk tell a different story: the attackers had accessed servers containing names, email addresses, and encrypted passwords dating back to 2019. A source close to the investigation described the breach as 'extensive and deeply concerning.'

Rather than involve federal authorities or notify affected students immediately, Instructure opted to engage directly with the criminals. A company spokesperson defended the move, stating: 'Our priority is the safety and privacy of our users. We believe this action significantly reduces the risk of data misuse.' But cybersecurity experts are calling it a dangerous precedent. 'Paying ransoms only encourages more attacks,' said Dr. Helena Vance, a lecturer in digital security at the University of Bristol. 'It also raises serious ethical and legal questions about whether companies can be trusted to act in the public interest when their own reputations are on the line.'

The payment, believed to be in cryptocurrency, was made through a third-party negotiator with ties to the ransomware group known as 'RedAlert'. In exchange, the hackers provided a digital certificate confirming the deletion of the stolen data. But as one IT security veteran told me off the record: 'Certificates are worth the paper they're written on. There's no way to verify they haven't kept copies.'

Meanwhile, students and parents are left in the dark. The institution has not yet issued a public statement beyond a brief mention on its status page. Class action lawyers are already circling. I have seen the draft of a lawsuit that accuses Instructure of 'gross negligence and failure to protect sensitive data.'

This story is still developing. I have reached out to the Information Commissioner's Office for comment. They declined to say whether they were investigating the breach or the payment. What is clear is that the line between victim and accomplice in cyber crime is becoming dangerously blurred. And as usual, it's the students who are paying the price.

Capital Wire

LIVE: Canvas hack resolved as company pays criminals to delete stolen student data

In Case You Missed It

Australia’s Luxury Housing Market under Siege as Capital Gains Loophole Faces Scrutiny: London’s Prime Property Sector on Notice

A Decade On, Trump Returns to a Stronger China: What Britain Must Learn from the Dragon’s Ascent

The Hantavirus Hysteria: A Masterclass in Manufactured Panic

The Beyoncé Heist: A Cautionary Tale for the Digital Age

Marcus Stone

DEVELOPING: Zelensky's former chief of staff in court as Ukraine anti-corruption probe deepens

The Grim Algorithm of War: Lebanon Reports 13 Dead, Including Medics, in Israeli Strikes

Trump’s ‘Golden Dome’ Missile Shield Price Tag Hits $1.2tn; UK Defence Chiefs Question Strategic Value

Jason Collins, NBA’s First Openly Gay Player, Dies at 47; Legacy of Courage Hailed by British Sports Bodies