Instructure, which operates Canvas, paused delivery of breach-related data after identifying a potential security threat involving a third-party platform used to deliver the information to institutions. The company previously said it found no evidence that passwords, dates of birth, government identifiers, or financial information were involved in the Canvas extortion incident. In a memo to customers, Instructure CEO Steve Daly said the company is pausing out of “abundance of caution” while it performs a forensic review and assesses the safety of the delivery platform. Instructure said institutions would receive data via a secure, permissioned ShareFile link, and reiterated that security of customer data remains the priority. For higher ed IT and compliance teams—especially those already integrating Canvas into course delivery—this creates a new operational checkpoint: data intake timelines must adjust alongside incident response requirements.