Canvas ShinyHunters Deadline May 12: Did They Dump 275M Records or Did Instructure Pay?

# Canvas ShinyHunters Deadline May 12: Did They Dump 275M Records or Did Instructure Pay?

> **Quick answer:** The ShinyHunters May 12 ransom deadline for Canvas LMS passed without a confirmed public release of the 275 million stolen student records. Critically, Instructure's listing was removed from ShinyHunters' public extortion portal after the deadline — a signal that in ransomware incident response consistently indicates payment or active negotiation. Instructure has not confirmed whether it paid. No full data dump has been publicly confirmed. The outcome, as of deadline day, is deliberate ambiguity — and that ambiguity tells its own story.

The May 12, 2026 deadline for the largest educational data breach in history came and went — and the internet did not explode with 3.65 terabytes of stolen student records. That is the first fact. The second fact is harder to interpret: Instructure, the company behind Canvas LMS, quietly disappeared from ShinyHunters' public extortion portal after that deadline passed. No press release. No ransom payment confirmation. No triumphant hacker post announcing a full data dump. Just silence, and a missing listing.

Here is what the silence means — and what it doesn't.

## What Actually Happened on May 12

The May 12 deadline was ShinyHunters' second and stated "final" line in a campaign that began with an initial demand on May 6, then escalated with the defacement of Canvas login pages at approximately 330 institutions on May 7. Instructure took the platform offline, restored service on May 8 by shutting down the Free-For-Teacher account program that served as the attack vector, and said almost nothing publicly about the ransom demand itself.