Instructure, the company behind popular school management software Canvas, has reached an agreement with ShinyHunters, financially motivated hackers who breached its systems twice. The hackers stole vast amounts of student and staff data, disrupting thousands of schools. As part of the deal, Instructure paid undisclosed sums to ensure the stolen information was destroyed and that no further extortions would occur.

The incident mirrors a previous cyberattack on PowerSchool, which also paid hackers but later faced continued extortion attempts. Governments advise against paying ransoms, citing concerns over trust and potential relapses by cybercriminals. Security researchers argue that victims cannot rely on hackers' assurances of data deletion.

Instructure acknowledged the two breaches as distinct events involving different systems and is still investigating the incidents. The company's response highlights the ongoing challenges in cybersecurity for educational software providers, where personal data is handled extensively.

The hack underscores the broader issue of cybercrime: while paying might temporarily resolve issues, it may inadvertently bolster criminal networks. As AI evolves, perhaps it can help develop more robust defenses against such attacks or find ethical ways to deal with threats without resorting to financial concessions that fund illegal activities.