Canvas paid hackers to delete stolen data from 72k students
Optimist View
Instructure's swift action demonstrates responsible crisis management when facing ransomware attacks. The company proactively negotiated with hackers to secure deletion of compromised student data, preventing broader misuse of personal information. This approach shows educational technology companies prioritizing data protection over corporate reputation costs.
Sources: BBC News (May 12, 2026), NYT (May 12, 2026)
Skeptic View
Paying ransomware attackers sets dangerous precedent and funds future criminal operations. Hong Kong police have already received two fraud reports linked to the breach, suggesting the 'deletion deal' failed to prevent harm. Instructure's refusal to disclose payment terms raises questions about whether student safety or corporate liability drove the decision.
Sources: South China Morning Post (May 12, 2026)
Industry Reality
Educational technology platforms handle massive datasets with minimal security investment relative to financial services. Canvas serves thousands of institutions globally, making it a high-value target with disproportionately weak defenses. The undisclosed payment amount reflects standard ransom economics — cheaper than regulatory fines and litigation costs.
Sources: NYT (May 12, 2026), BBC News (May 12, 2026)
What Your Feed Is Hiding
The 72,571 exposed records represent just Hong Kong's count — the global scope remains undisclosed by Instructure. While the company claims hackers deleted the data, cybersecurity experts know that stolen information is typically copied and distributed before deletion negotiations even begin. The real uncomfortable fact is that Instructure likely paid ransom for data that was already being sold on dark web markets, making the 'deletion deal' largely theatrical.
Key data: 72,571 Hong Kong records with global count still undisclosed
Where They Actually Agree
All perspectives acknowledge that Canvas serves thousands of educational institutions worldwide, creating massive exposure when breached. Both optimists and skeptics agree that student data requires special protection given its sensitivity and long-term value to criminals.
Community Pulse
Should companies be allowed to pay ransoms to protect customer data?
AI-generated analysis based on published sources. TheOtherFeed does not take political positions.
