{"id":60665,"date":"2026-05-14T22:42:11","date_gmt":"2026-05-14T22:42:11","guid":{"rendered":"https:\/\/www.theregister.com\/a\/5240799"},"modified":"2026-05-14T22:42:11","modified_gmt":"2026-05-14T22:42:11","slug":"nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/","title":{"rendered":"Nobody believes the ‘criminals and scumbags’ who hacked Canvas really deleted stolen student data"},"content":{"rendered":"
<\/div>\n

FEATURE<\/span> When Instructure \u201creached an agreement\u201d with data theft and extortion crew ShinyHunters this week, the education tech giant assured Canvas users after attackers claimed to have stolen data tied to 275 million students, teachers, and staff that their private chats and email addresses would not turn up on a dark-web marketplace, and that they would not be extorted over the incident.<\/p>\n

\u201cWe received digital confirmation of data destruction (shred logs),\u201d Instructure assured the nearly 9,000<\/a> affected universities and K-12 schools. \u201cWe have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.\u201d<\/p>\n

Not a single responder that The Register<\/span> spoke with believes this is true.<\/p>\n

\n
\n

MORE CONTEXT<\/h2>\n<\/p><\/div>\n<\/div>\n

\u201cDo I believe they deleted the data? No. They’re criminals and scumbags,\u201d Recorded Future threat intelligence analyst Allan Liska, aka the Ransomware Sommelier, told us. <\/p>\n

\u201cBut, this is part of what Max Smeets calls \u2018The Ransomware Trust Paradox<\/a>,\u2019\u201d he added. \u201cRansomware groups have to, minimally, not post data they claimed to have deleted or no one will pay them in the future, but this is done knowing that the data is likely not deleted.\u201d<\/p>\n

Halcyon Ransomware Research Center SVP Cynthia Kaiser, who previously spent two decades at the FBI<\/a>, said she doesn\u2019t think that anyone who studies ransomware groups\u2019 operations believes the gang actually destroyed the stolen files.<\/p>\n

\n
\n

The operational reality at 3 a.m. during finals week or enrollment season can push institutions toward a very different calculation <\/h3>\n<\/p><\/div>\n<\/div>\n

\u201c\u2018We destroyed the data\u2019 is a standard line from extortion groups once a payment is made or negotiations conclude, but time after time it has proven untrue,\u201d Kaiser told The Register<\/span>. \u201cShinyHunters in particular has a documented history of recycling, reselling, and re-leveraging stolen data across campaigns \u2013  data they claimed was contained from earlier intrusions has resurfaced on criminal forums months and years later.\u201d<\/p>\n

Kaiser also doesn\u2019t think this is the last threat that the schools will face from the Canvas breach.<\/p>\n

\u201cHalcyon expects targeted phishing waves against staff, students, and parents over the next six to 12 months using leaked names, email addresses, and Canvas chat context to make the lures convincing,\u201d she said.<\/p>\n

To be clear: Instructure execs never directly said<\/a> the company paid the ransom, and we don\u2019t know the exact amount of money the criminals demanded from the digital learning biz. <\/p>\n

We do know, however, that \u201creached an agreement\u201d is corporate-speak for the victim paid up. Doug Thompson, chief education architect at cybersecurity firm Tanium, estimates the figure sits somewhere between $5 million and $30 million. <\/p>\n

Meanwhile, this latest extortion attack illustrates the impossible choice facing organizations entrusted with protecting people\u2019s data when digital thieves breach their networks and steal sensitive information.<\/p>\n

\u201cThe FBI says don\u2019t pay,\u201d Thompson told The Register<\/span>. \u201cBut the operational reality at 3 a.m. during finals week or enrollment season can push institutions toward a very different calculation. Until that incentive structure changes, education is likely to remain unusually vulnerable to extortion pressure.\u201d<\/p>\n

To pay, or not to pay?<\/h3>\n

The US federal government, law enforcement agencies, and private-sector threat intelligence analysts all advise victims not to pay<\/a> a ransom.<\/p>\n

\u201cPaying ransoms rewards and incentivizes the criminals, funding their search for new victims, and I\u2019ve long advocated before for a ban on ransomware payments,\u201d Emsisoft threat analyst Luke Connolly told us. \u201cBut in the absence of regulation applying to all organizations, the stark reality is that Instructure faced a crisis, and they negotiated to try to minimize risk and harm.\u201d<\/p>\n

No company wants to pay a ransom to its attackers, and most say they won\u2019t \u2013 at least in principle  \u2013  because they don\u2019t want to fund criminal operations and incentivize the crooks. <\/p>\n

There\u2019s also no guarantee that paying will guarantee the return of their data or prevent additional extortion attempts. CrowdStrike surveyed 1,100 global security leaders last summer, and of the 78 percent who said they experienced a ransomware attack in the past year, 83 percent of those that paid ransoms<\/a> were attacked again. Plus 93 percent lost data regardless of payment.<\/p>\n

While data suggests that fewer organizations are paying criminals\u2019 ransom demands – Chainalysis found the percentage of paying victims in 2025 dropped<\/a> to an all-time low of 28 percent, despite attacks hitting record highs<\/a> – when faced with extortion or a ransomware infection, the “to pay or not to pay” debate becomes much more complicated.<\/p>\n

\u201cMost organizations still say publicly that they won’t pay, and many genuinely don’t, but when the alternative is mass downstream harm to students, parents, and thousands of customer institutions, the calculus shifts,\u201d Kaiser said. \u201cPay-or-leak groups like ShinyHunters specifically engineer that calculus by creating intense financial and reputational pressure, and when demands go unmet, they escalate to direct harassment of victim companies, employees, and clients.\u201d<\/p>\n

ShinyHunters did just that. The crew initially compromised Instructure<\/a> in late April, and after the initial pay-or-leak deadline passed on May 6, ShinyHunters switched tactics to school-by-school extortion. They injected a ransom message into about 330 Canvas school login portals, causing Instructure to take the platform offline<\/a> for a day – during final exams and Advanced Placement testing for many. <\/p>\n

Other ransomware scum have gone to horrifying extremes<\/a>, posting pictures and addresses of preschool children<\/a> in an effort to get a payday, leaking cancer patients\u2019 nude photos<\/a> and threatening them with swatting attacks<\/a>.<\/p>\n

Mandiant Consulting CTO Charles Carmakal previously told The Register<\/span> that ransomware infections have morphed into “psychological attacks\u201d with crooks SIM swapping executives\u2019 kids<\/a> to pressure their parents into paying.<\/p>\n

Calculating risk<\/h3>\n

In addition to responding to criminals directly harassing their students, patients, customers and employees, victim organizations also have to take into account potential lawsuits if the crooks dump individuals\u2019 personal or health data, and the reputational hit from seeing all of this protected information published online.<\/p>\n

The decision about what to do in a ransomware attack revolves around risk reduction, Liska said. <\/p>\n

\u201cNot paying a ransom means an increased risk of data exposure, which in this case could cause serious harm,\u201d he told us. \u201cWhile there is no good decision in most ransomware negotiations, the idea is to protect as many people as possible and that may mean that paying is the least bad option.\u201d <\/p>\n

While he didn\u2019t respond to or investigate the Instructure case, \u201cprotecting children’s data is absolutely a critical factor in these types of decisions, especially when the attacks originate from one of the groups associated with The Com,\u201d Liska added. <\/p>\n

The Com<\/a>, a loosely knit group of primarily English speakers who are also involved in several interconnected networks of hackers, SIM swappers, and extortionists such as ShinyHunters and Scattered Lapsus$ Hunters<\/a>, has been known to blackmail kids and teens into carrying out shootings, stabbings, and other real-life criminal acts<\/a>. <\/p>\n

\u201cThese groups are known to coerce victims using threats of physical harm, including bricking and swatting,” he said. “Not paying may have increased the risk of serious harm to the children whose data was exposed.\u201d<\/p>\n

A representative of ShinyHunters contacted The Register<\/span> to “deny any and all association, affiliation, and\/or linkage with ‘The Com’ including ‘Scattered Lapsus Hunters'”<\/p>\n

The rep said “There is no actual concrete evidence to support that we are associated, affiliated, or linked to the aforementioned. These are baseless allegations and industry propaganda surrounding ‘The Com.'”<\/p>\n

The Shiny one admitted that some of their crew’s tactics are similar to those the other gangs use but suggested it’s lazy to assume a link. “If China or North Korea used vishing to infiltrate organizations networks would they also immediately become associated with \u201cThe Com?'” the representative asked.<\/p>\n

Ed sector ‘more likely to pay’<\/h3>\n

Instructure\u2019s intrusion follows several other high-profile attacks against education-sector software providers.<\/p>\n

In December 2024, PowerSchool<\/a> suffered a breach, affecting tens of millions of students. The company reportedly paid about $2.85 million<\/a> in bitcoin in exchange for a video<\/a> supposedly showing the attackers destroying the data. But about five months later, in May 2025, the ed-tech provider\u2019s school district customers received individual extortion threats<\/a> from either the same ransomware crew that hit PowerSchool or someone connected to the crooks.<\/p>\n

Earlier this year, ShinyHunters claimed it stole data from K-12 software provider Infinite Campus<\/a> as part of a broader wave of Salesforce-related intrusions.<\/p>\n

\u201cEducation keeps emerging as one of the sectors where organizations are still more likely to pay under pressure,\u201d Thompson said. <\/p>\n

In addition to students\u2019 \u2013 especially minors\u2019 \u2013 data containing highly sensitive personal details, and therefore presenting an attractive target for attackers, this is also driven in part by market pressure and economics.<\/p>\n

\n
\n

There will be future attacks, without a doubt <\/h3>\n<\/p><\/div>\n<\/div>\n

It\u2019s costly and inconvenient for schools to switch learning management systems, and they are typically locked into multi-year contracts with these software vendors, according to Thompson.<\/p>\n

\u201cThe other issue is concentration,\u201d he said. \u201cA relatively small number of vendors hold data for enormous portions of the education system. PowerSchool, Infinite Campus, Canvas, Blackboard; those four hold records on something close to every American student, and hackers know it. Three of the four have been breached at a multi-million-record scale in the last 18 months.\u201d<\/p>\n

Thompson said he expects to see additional attacks against major education platforms to follow. <\/p>\n

\u201cThe economics are good. Instructure paid. PowerSchool paid last year. Every other ed-tech vendor’s board just had a conversation about what their number would be,\u201d he told us. \u201cThe pattern is established.\u201d<\/p>\n

According to Connolly, the universities and K-12 schools affected by the Canvas hack shouldn\u2019t consider their data safe, regardless of Instructure\u2019s assurances or the crooks’ promises to delete it. \u201cThere will be future attacks, without a doubt.\u201d \u00ae<\/p>\n

READ MORE HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Other than Instructure execs – maybe? READ MORE HERE…<\/p>\n","protected":false},"author":2,"featured_media":60666,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[1047],"class_list":["post-60665","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register","tag-cyber-crime"],"yoast_head":"\nNobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-14T22:42:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/image.theregister.com\/5240833.jpg?imageId=5240833&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Nobody believes the ‘criminals and scumbags’ who hacked Canvas really deleted stolen student data\",\"datePublished\":\"2026-05-14T22:42:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/\"},\"wordCount\":1633,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data.jpg\",\"keywords\":[\"Cyber Crime\"],\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/\",\"name\":\"Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data.jpg\",\"datePublished\":\"2026-05-14T22:42:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data.jpg\",\"width\":100,\"height\":56},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber Crime\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/cyber-crime\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Nobody believes the ‘criminals and scumbags’ who hacked Canvas really deleted stolen student data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/","og_locale":"en_US","og_type":"article","og_title":"Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-05-14T22:42:11+00:00","og_image":[{"url":"https:\/\/image.theregister.com\/5240833.jpg?imageId=5240833&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Nobody believes the ‘criminals and scumbags’ who hacked Canvas really deleted stolen student data","datePublished":"2026-05-14T22:42:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/"},"wordCount":1633,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data.jpg","keywords":["Cyber Crime"],"articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/","url":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/","name":"Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data.jpg","datePublished":"2026-05-14T22:42:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/05\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data.jpg","width":100,"height":56},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/nobody-believes-the-criminals-and-scumbags-who-hacked-canvas-really-deleted-stolen-student-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Cyber Crime","item":"https:\/\/www.threatshub.org\/blog\/tag\/cyber-crime\/"},{"@type":"ListItem","position":3,"name":"Nobody believes the ‘criminals and scumbags’ who hacked Canvas really deleted stolen student data"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60665","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60665"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60665\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/60666"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60665"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60665"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}