Cybersecurity Lessons from the Canvas Data Breach

Cybersecurity Lessons from the Canvas Data Breach

From Shared Security Podcast by Tom Eston, Scott Wright, Kevin Tackett

May 18, 2026 · 17 min

About this episode

This episode discusses the Canvas data breach and the implications of Instructure's agreement with cybercriminals.

In this episode we discuss the recent cyber attack targeting Instructure’s widely used learning platform, Canvas, and the major late-breaking development that Instructure reached an “agreement” with the ShinyHunters cybercriminal group after threats to leak large amounts of stolen student and faculty data. Instructure says the stolen data was returned and that attackers provided digital confirmation that the information was destroyed, but the company did not deny making a payment—language that many in cybersecurity interpret as a ransom settlement. Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com. ** Links mentioned on the show ** Cyberattack on Canvas system causes chaos for students at thousands of schools https://apnews.com/article/cyberattack-schools-canvas-instructure-shinyhunters-a0d7719689263e6b5f90d0e633391b5b Instructure strikes agreement with hackers after Canvas breach hits Duke, thousands of other schools…

People in this episode

Hosts: Tom Eston, Scott Wright, Kevin Tackett

Topics covered

  • cybersecurity
  • data breach
  • ransomware
  • education technology
  • cybercrime
  • data protection

Keywords

  • Canvas
  • Instructure
  • ShinyHunters
  • data breach
  • cybersecurity
  • ransom
  • student data
  • faculty data
  • cyber attack

Sponsors

Guardsquare

Mentioned in this episode

Organizations: Instructure, ShinyHunters

Places: Duke

More episodes of Shared Security Podcast

Explore listener stats, chart rankings, contacts and more on the Shared Security Podcast podcast page.