Instructure disclosed that it paid a ransom after hackers stole Canvas data, according to reporting that the company did not publicly detail the terms of the payment. In a separate disclosure, Instructure also struck a deal with hackers for the return of Canvas data. The incident matters for colleges and universities because Canvas is used widely across higher education, and stolen personal data can trigger compliance obligations under privacy and breach-notification laws. Institutions may also face operational follow-up, including identity risk management and careful review of their own Canvas integrations. The reporting underscores the growing expectation that major learning-platform vendors will coordinate with threat actors to prevent further exposure, while higher ed IT leaders simultaneously confront rising cybersecurity threats and costs.