Data Security Instructure reaches agreement with hackers after Canvas data breach May 13, 2026 Share By SC Staff (Adobe Stock) As reported by Bleeping Computer, Instructure, the company behind the Canvas learning management system, has reached an agreement with the ShinyHunters extortion group to prevent the leak of data stolen in a recent breach affecting over 30 million educators and students. ShinyHunters claimed responsibility for stealing more than 3.6 terabytes of data by exploiting security vulnerabilities in Instructure's Free-for-Teacher environment. The group also defaced Canvas login portals and left an extortion message. Instructure confirmed the breach involved cross-site scripting (XSS) vulnerabilities, allowing attackers to gain administrative access. While Instructure stated that no customers will be extorted and the stolen data was returned and confirmed destroyed, the FBI cautions that paying ransoms does not guarantee data security. This incident follows a previous breach in September 2025, also claimed by ShinyHunters, which affected Instructure's Salesforce instance. The company is holding a webinar on May 13 to discuss the incident and security measures. Instructure has temporarily shut down Free-For-Teacher accounts to address the security issues. Source: Bleeping Computer SC Staff Related Data Security Community Bank customer data exposed via unauthorized AI software SC Staff May 13, 2026 The bank, which serves customers in Pennsylvania, Ohio, and West Virginia, filed an 8-K with the U.S. Securities and Exchange Commission on May 7, detailing the incident. Encryption Apple and Google roll out end-to-end encrypted RCS messaging SC Staff May 12, 2026 The E2EE RCS messaging feature is now available to iPhone users running iOS 26.5 with supported carriers and Android users on the latest Google Messages version. Data Security NVIDIA confirms GeForce NOW user data exposed in Armenian partner breach SC Staff May 11, 2026 A threat actor claimed to have breached GeForce NOW and stolen millions of user records, including full names, email addresses, usernames, dates of birth, and 2FA/TOTP status. Related Events Cybercast Beyond the Hype: The Cybersecurity Trends CISOs are Keeping an Eye on in 2026 On-Demand Event Cybercast Beyond the data perimeter: Why next-generation DSPM is the foundation for modern data security On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Block Cipher Checksum Cipher Ciphertext Data Aggregation Decryption Diffie-Hellman Digital Envelope Digital Signature Digital Signature Standard (DSS) You can skip this ad in 5 seconds