Instructure said it reached an agreement with the unauthorized actor behind the Canvas cyberattack that disrupted classes and finals across thousands of institutions. The company reported that the stolen data was returned and that it received digital confirmation of data destruction via “shred logs,” while also stating there is no guarantee beyond what is possible with cybercriminals. According to reporting cited in the coverage, ShinyHunters claimed the breach involved about 3.65 TB of data and roughly 275 million users across around 9,000 institutions. Instructure said no evidence showed compromise of passwords, dates of birth, or financial information, but warned institutions still faced fallout in grading, assignment submission, and platform access. The episode has already triggered multiple class-action lawsuits, and campus leaders are now assessing how third-party SaaS risk scales into operational risk—especially when vendors control the systems students depend on day-to-day.