Company Behind Canvas Platform Reportedly Paid Hackers to Delete Stolen Student Data

A company linked to the Canvas education platform has reportedly paid cyber criminals in an attempt to secure the deletion of stolen student data following a major cyber attack.

The breach is believed to have exposed sensitive information connected to students and educational institutions, including personal records and account details. In response, the company allegedly entered negotiations with the attackers in an effort to prevent the data from being distributed or sold online.

Cybersecurity experts warn that paying criminals after a breach remains highly controversial. While organisations may hope to minimise harm by recovering or deleting stolen information, there is no guarantee that attackers will honour agreements or fully remove copied data.

The incident highlights the growing pressure faced by companies handling large volumes of personal information, particularly in the education sector. Schools and digital learning providers have increasingly become targets for cyber attacks due to the valuable data they store and the disruption such incidents can cause.

Authorities continue to discourage ransom style payments, arguing that they may encourage further attacks and strengthen criminal operations. Instead, experts recommend stronger preventative security measures and rapid response planning.

The breach has renewed concerns around the protection of educational data and the security of online learning systems. As investigations continue, questions are likely to remain over how organisations should respond when sensitive information is stolen in large scale cyber incidents.

Author: Abel Vazquez Sanchez