ORLANDO, Fla. — Instructure, the company behind Canvas, says it has reached an agreement with the hackers who claimed to have compromised the online learning platform used by millions of students and teachers nationwide.
The alleged cyberattack has sparked growing concerns that sensitive personal information belonging to students, parents, and educators could be at risk.
The hacker group demanded payment from Canvas in exchange for not releasing the stolen data.
According to Instructure, the agreement with the hacker group includes the return of the data, digital confirmation that the data has been destroyed, and assurances that impacted Instructure customers will not be extorted, publicly or privately.
Channel 9 has reached out to Instructure, asking if the company paid the ransom and if so, why.
Instructure says the agreement applies to all affected customers, meaning individual schools or organizations do not need to contact the hacker themselves.
The company emphasized that, while there is never complete certainty when dealing with cybercriminals, it took the step of providing customers with additional peace of mind.
Instructure says it is continuing to work with cybersecurity experts on forensic analysis, strengthening its systems, and reviewing the data involved.
Several Central Florida schools confirmed that they use Canvas, including the University of Central Florida, Valencia College, Orange County Public Schools, Seminole County Public Schools, and Marion County Schools.
Check back with WFTV for updates.
Read the full statement below:
STATUS UPDATE 5/11/26
We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident. As part of that agreement:
The data was returned to us.
We received digital confirmation of data destruction (shred logs).
We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.
This agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the unauthorized actor.
While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible. We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved. We will continue to provide updates as that work progresses.
Please continue to reference https://www.instructure.com/incident_update for the latest information from us.
Click here to download our free news, weather and smart TV apps. And click here to stream Channel 9 Eyewitness News live.
©2026 Cox Media Group
