Instructure Pays Canvas Ransom; Congress Demands Answers

Instructure paid the ransom on the Canvas breach. The same day, Congress opened an investigation. Here's what the deal got them and what lawmakers want. Instructure announced an agreement with ShinyHunters on Monday — the stolen data was returned and the company received what it calls "shred logs" as digital confirmation of destruction. The amount wasn't disclosed. Instructure says no customers will be extorted as a result of this incident. ShinyHunters had been telling reporters something different: that Instructure hadn't really been engaging with them, and that the price, in their words, wasn't as high as you might think. Meanwhile the House Homeland Security Committee sent a letter to Instructure CEO Steve Daly demanding executives brief lawmakers by May 21. The committee flagged the gap between Instructure's public characterization and the scale ShinyHunters claimed, plus a second intrusion within days of the first — what it called a failure to fully remediate. The FBI's standing guidance to ransomware victims is not to pay. Sources: https://therecord.media/instructure-pays-ransom-canvas-incident-congress-investigation https://www.nextgov.com/cybersecurity/2026/05/canvas-breach-spotlights-cybercriminal-appetite-student-data/413451/ https://www.insidehighered.com/news/tech-innovation/administrative-tech/2026/05/11/instructure-pays-ransom-canvas-hackers More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday. #cybersecurity #ransomware #shinyhunters