By Stefanie Schappert
The Canvas attack shows how educational platforms have become critical infrastructure – and how paying off hackers still leaves major questions about whether student data is ever truly safe.
Last week’s Canvas cyberattack led to a finals-week nightmare for thousands of students across North America, locking them out of exams, assignments, and coursework – all while putting them face-to-face with the notorious ShinyHunters ransomware gang – something most students would never have expected.
With threats to release stolen data belonging to 275 million students and teachers tied to the e-learning platform, Canvas by Instructure announced over the weekend it paid off the seasoned hackers, alongside a “digital confirmation of data destruction” from ShinyHunters themselves.
The undisclosed ransom demand was reportedly paid to ShinyHunters as part of an agreement intended to prevent an imminent leak affecting schools, from kindergarten classrooms to universities worldwide.
But now the breach is becoming something much bigger: a test of whether the more than 8,000 schools caught up in the hack can trust a hacker group’s word that stolen student data was actually destroyed.
Despite historical evidence that ransomware groups lie, students, parents, and schools are still being asked to accept that these cybercriminals will honor their end of the deal.
Paying hackers does not erase the risk
While it may have been enough to stop an immediate leak, it does not erase the larger problem – once student data is stolen, control is gone.
If we look back to the December 2024 breach of edtech software provider PowerSchool, the lesson apparently has not been learned.
After PowerSchool allegedly forked over a $60 million ransom demand, the 19-year-old attacker later turned to extorting the 15,000 North American school districts using the platform – despite earlier promises to delete the stolen data.
Fast forward to the Canvas breach. The company says there is no evidence the stolen information was publicly leaked or retained after the payment agreement.
Canvas revealed compromised data included full names, email addresses, student IDs, course and enrollment data, plus “billions of private messages” exchanged on the platform.
And while passwords, Social Security numbers, financial information, grades, coursework submissions, and student files were not exposed, cyber experts say once student data falls into the hands of criminal actors, “the implications for identity theft, targeted social engineering, and even safeguarding are serious and long-lasting.”
Despite historical evidence that ransomware groups lie, students, parents, and schools are still being asked to accept that these cybercriminals will honor their end of the deal.
Criminal promises are still promises from criminals
To be fair, there is a reason extortion groups sometimes do. ShinyHunters and groups like it operate for profit. Their entire business model depends on victims believing that payment can reduce damage, prevent leaks, or stop further extortion.
If hackers routinely take the money and leak the data anyway, future victims have less incentive to pay.
In that sense, even criminal groups have a reputation to protect.
But that does not make their promises trustworthy. Data can be copied. Affiliates can retain files. Archives can resurface months later.
The PowerSchool breach already showed how difficult it is for schools and families to know whether stolen student information has truly disappeared after a cyber extortion incident.
That is why the Canvas case matters beyond a company apology and a single ransom agreement.
One platform, millions of students
The attack also exposed how dependent modern schools have become on centralized cloud platforms to function at all.
Canvas is no longer just a homework portal. For many schools, it is the classroom, gradebook, assignment tracker, messaging hub, exam platform, and student records pipeline all rolled into one.
When initial negotiations failed, ShinyHunters upped the ante, defacing Canvas login pages with threats and turned to targeting individual schools for extortion.
With the system down, frustrated students and teachers lost access to key classroom tools, while school officials scrambled to contain the damage, with some schools forced to cancel final exams altogether.
It is the same uncomfortable lesson seen in the infamous AWS and CrowdStrike disruptions from years past: when one widely used platform fails, entire industries can grind to a halt all at once.
The answer is not for schools to abandon cloud platforms altogether. That’s unrealistic. But cyber insiders have long warned that institutions need real backup plans before outages happen – not improvised workarounds after the systems have already been disabled.
Because when the world’s classrooms run on a single platform, a cyberattack is no longer just an IT problem – it becomes an education crisis.
ABOUT THE EXPERT
Stefanie Schappert, a senior journalist at Cybernews, is an accomplished writer with an M.S. in cybersecurity, immersed in the security world since 2019. She has a decade-plus experience in America’s #1 news market working for Fox News, Gannett, Blaze Media, Verizon Fios1, and NY1 News. With a strong focus on national security, data breaches, trending threats, hacker groups, global issues, and women in tech, she is also a commentator for live panels, podcasts, radio, and TV. Earned the ISC2 Certified in Cybersecurity (CC) certification as part of the initial CC pilot program, participated in numerous Capture-the-Flag (CTF) competitions, and took 3rd place in Temple University’s International Social Engineering Pen Testing Competition, sponsored by Google. Member of Women’s Society of Cyberjutsu (WSC), Upsilon Pi Epsilon (UPE) International Honor Society for Computing and Information Disciplines.
Xero Delivers Claude Integration to Advance AI-Powered Financial Intelligence
Posted in Commentary on May 13, 2026 by itnerdXero, the global small business platform, today announced its live integration with Anthropic, the company behind Claude. Building on a multi-year partnership announced in late March, the speed to market of the integration marks a significant milestone for Xero customers. The partnership brings Claude directly into Xero and Xero’s financial data and tools into Claude.ai, changing how small businesses around the world can access and act on real-time financial intelligence.
Built on 20 years of innovation and trusted by over 4.5 million subscribers in more than 180 countries, Xero is redefining the future of small business finance. Tailored for the experience of conversing with Claude, this integration leverages the same foundational capabilities that Xero’s superagent JAX uses to run financial analysis. Xero’s intentional approach to design agentic reasoning foundations to be reusable from day one accelerated the delivery of this new experience to customers. For the first time, Xero customers can leverage Xero and work with their financial data directly inside a leading AI platform.
“AI is rapidly becoming an integral part of our customers’ workspace, and to be effective, that workspace requires Xero’s trusted financial intelligence as its foundation,” said Diya Jolly, Chief Product & Technology Officer, Xero. “Delivering this financial context within Claude bridges the gap between the everyday AI tools customers use and Xero’s rich financial data. When customers engage in wide-ranging conversations with Claude about their business strategy or day-to-day operations, they can now use Claude to instantly pull up their cash position, check overdue invoices, or see how profit is tracking, all without breaking their flow of work.
That’s what it means to have Xero wherever you work and it’s part of our commitment to ensuring customers can leverage Xero at every point in their decision-making process.”
Today, users with an active Xero subscription can bring their financial data directly into their Claude conversations to solve immediate business challenges and provide financial clarity without switching tools. The insights generated in Claude link back to Xero for customers to take action, such as reviewing the full report, contact record or invoice detail. By providing live data from Xero rather than a static export, users can uncover strategic financial insights and reporting in areas like:
In line with Xero’s responsible data use commitments, data responsibility is foundational to the partnership. Financial data shared between the platforms is used solely for the user’s specific session — proprietary business data is never used to train Claude’s AI models.
This live integration further extends the power of Xero OS by delivering customers a trusted financial system for the agentic era and is underpinned by Xero’s commitment to providing AI experiences grounded in Accountable Intelligence. To learn more about how to leverage Xero within Claude, visit: xero.com/campaign/claude-connector
Leave a comment »