Instructure reported it paid a ransom after hackers stole personal data tied to Canvas, the learning-management system used by thousands of colleges and universities. While Instructure said the data returned did not include passwords, dates of birth, or financial information, campuses reported an operational disruption during the following week when extortion messages appeared and some students were unable to submit end-of-semester assignments. The incident has revived pressure on institutions to treat vendor risk as a core academic-continuity issue, not just an IT incident. Experts cited in the coverage warned that education providers remain prime targets and that attackers increasingly route through third parties to scale impact across many campuses. The episode underscores that centralized SaaS outages can become “large-scale operational disruptions” during peak academic moments, raising expectations for incident-response planning tied to LMS downtime, ransom/extortion scenarios, and end-to-end backup and workflow continuity for high-stakes assessments.