Instructure Reaches Deal After Two Hacker Breaches

Instructure says it has reached an agreement with the hackers who breached the company twice, but the deal leaves the most urgent question hanging: whether any stolen data will still spill into public view.

The company, known for the Canvas school software used across education, disclosed the agreement without offering firm assurances about the outcome. That matters because a settlement with attackers does not automatically close the door on further harm. Even when a company secures a promise, criminals may ignore it, copy data, or sell it elsewhere before talks end.

"Reached an agreement" sounds decisive, but Instructure's own disclosure stops short of guaranteeing the hackers will keep their word.

The limited statement also sharpens concern around the scope of the incident. Reports indicate Instructure faced two separate breaches involving the same hackers or the same group of attackers, though the company has not publicly provided the kind of detail that would show what changed between the first intrusion and the second. That gap will likely draw scrutiny from customers, schools, and security experts who want to know how the attackers got back in.

For schools and institutions that rely on Canvas, the issue now extends beyond the breach itself. They need to know what information the hackers accessed, whether any records remain at risk, and what safeguards Instructure has put in place since the attacks. Sources suggest those answers may determine how much trust customers place in the company in the weeks ahead.

What happens next will matter more than the agreement itself. Instructure will face pressure to explain the timeline, define the impact, and show how it plans to prevent another intrusion. Until then, the company has bought time, not certainty—and for customers whose data may sit in the balance, that distinction is everything.