Instructure said it reached an agreement with threat actors after ShinyHunters disrupted Canvas for thousands of schools and colleges during the finals period. The company reported that it received digital confirmation that stolen data was destroyed and that no customers would be extorted, though it did not disclose what was exchanged in the deal. Reporting ties the intrusion to claims by ShinyHunters that it stole data involving about 275 million users across roughly 9,000 institutions. Instructure said passwords and other sensitive categories were not compromised, but the disruption locked out students and faculty and affected assignment submissions. The incident is reviving scrutiny of how strongly higher education depends on centralized SaaS vendors. Multiple campuses issued alerts about possible impact, and experts said vendor-mediated breaches can quickly shift a cyber event into an academic continuity problem—especially when platforms fail during grading windows. Separately, legal pressure is building through class action filings, as institutions and users weigh what happened, what data may have been accessed, and whether agreements with criminals reduce or merely relocate risk.