Instructure said it reached an agreement with threat actors after the Canvas learning management system was disrupted in a breach attributed to ShinyHunters. The attacker reportedly threatened to leak data tied to roughly 9,000 institutions and 275 million users unless a ransom was negotiated. Instructure reported that it received “digital confirmation” of data destruction and stated no customers will be extorted, but cybersecurity experts cautioned that ransomware payments do not guarantee deletion. Multiple schools and districts issued alerts, and the incident blocked students from submitting end-of-semester assignments while systems were offline. The Canvas breach is another reminder that higher education’s reliance on centralized SaaS platforms concentrates risk: when a vendor is compromised, classroom and campus operations can be disrupted at scale.