Pressure mounts on Canvas as data leak extortion deadline looms | CyberScoop<\/title> <meta name=\"description\" content=\"Attackers affiliated with The Com are threatening to leak data from more than 8,800 school systems if Instructure doesn\u2019t pay a ransom.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/canvas-instructure-data-theft-extortion-the-com\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Pressure mounts on Canvas as data leak extortion deadline looms\"> <meta property=\"og:description\" content=\"Attackers affiliated with The Com are threatening to leak data from more than 8,800 school systems if Instructure doesn\u2019t pay a ransom.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/canvas-instructure-data-theft-extortion-the-com\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-05-11T23:31:55+00:00\"> <meta property=\"article:modified_time\" content=\"2026-05-11T23:31:58+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg\"> <meta property=\"og:image:width\" content=\"2121\"> <meta property=\"og:image:height\" content=\"1414\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1778262878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1778005960g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88957\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88957\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcanvas-instructure-data-theft-extortion-the-com%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcanvas-instructure-data-theft-extortion-the-com%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88957 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/canvas-instructure-data-theft-extortion-the-com\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.252427184466\">\n<div class=\"single-article__header-content\" readability=\"31.154811715481\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/canvas-instructure-data-theft-extortion-the-com\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Attackers affiliated with The Com are threatening to leak data from more than 8,800 school systems if Instructure doesn\u2019t pay a ransom. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Students with hands raised in classroom.\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg 2121w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Students with hands raised in classroom. (Klaus Vedfelt\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"108.49603787177\"><body readability=\"220.54895104895\"><\/p>\n<p>Pressure is mounting on Instructure, the company behind Canvas, as cybercriminals threaten to leak a trove of sensitive data they claim was stolen during a prolonged cyberattack on the widely used education tech platform.<\/p>\n<p>Widespread outages left schools, students and teachers temporarily unable to access critical data late last week after the company took Canvas offline following additional malicious activity, including a defacement of the platform\u2019s login page. By Friday, the company said Canvas \u2014 a central hub for K-12 and university coursework, exams, grades and communication \u2014 was back online and fully operational. <\/p>\n<p>ShinyHunters, a decentralized crew of prolific cybercriminals affiliated with <a href=\"https:\/\/cyberscoop.com\/fbi-warning-the-com-cybercrime-extortion-violence\/\">The Com<\/a>, claimed responsibility for the attack on its data leak site and is attempting to extort the company for an unknown ransom amount. Instructure hasn\u2019t confirmed the existence of a ransom demand and declined to answer questions about its response.<\/p>\n<p>The threat group initially set a deadline of May 6 \u2014 four days after Instructure previously said the <a href=\"https:\/\/status.instructure.com\/incidents\/9wm4knj2r64z\">incident was contained<\/a> soon after it disclosed the attack \u2014 claiming it stole 3.65 terabytes of data spanning 275 million records across 8,809 school systems. <\/p>\n<p>When that deadline passed without payment, ShinyHunters escalated its pressure on the company by \u201cinjecting an extortion message directly into the Canvas login pages of roughly 330 institutions, and pivoted to school-by-school extortion with a current deadline of May 12,\u201d Cynthia Kaiser, senior vice president of Halcyon\u2019s Ransomware Research Center, told CyberScoop.<\/p>\n<p>\u201cThe scope makes this one of the largest single education-sector exposures we\u2019ve tracked,\u201d she added.<\/p>\n<p>The additional public pressure prompted Infrastructure to take Canvas offline, disrupting schoolwork and access to critical systems nationwide. <\/p>\n<p>Instructure <a href=\"https:\/\/www.instructure.com\/incident_update\">CEO Steve Daly apologized<\/a> over the weekend for the company\u2019s inconsistent communication and deficient public response to the cyberattack. <\/p>\n<p>\u201cOver the past few days, many of you dealt with real disruption. Stress on your teams. Missed moments in the classroom. Questions you couldn\u2019t get answered. You deserved more consistent communication from us, and we didn\u2019t deliver it. I\u2019m sorry for that,\u201d he said in a statement.<\/p>\n<p>Daly acknowledged that the attack, which remains under investigation aided by CrowdStrike, exposed usernames, email addresses, course names, enrollment information and messages. He insisted that course content, submissions and credentials were not compromised.<\/p>\n<p>The temporary but widespread disruption caused has spurred broad concern across the education sector as ransomware experts and threat hunters continue to track developments. The cyberattack also caught the attention of lawmakers on Capitol Hill. <\/p>\n<p>The House Homeland Security Committee on Monday <a href=\"https:\/\/homeland.house.gov\/wp-content\/uploads\/2026\/05\/2026.05.11-Homeland-to-Instructure-Holdings-Inc.pdf\">published a letter<\/a> to Daly seeking a briefing with him or a senior leader at Instructure by May 21. <\/p>\n<p>\u201cThe recurrence of an intrusion within days of an initial breach disclosure, and Instructure\u2019s apparent failure to fully remediate the underlying vulnerabilities during that window, raise serious questions about the company\u2019s incident response capabilities and its obligations to the institutions and individuals whose data it holds,\u201d House Homeland Security Chairman Andrew Garbarino, R-N.Y., wrote in the letter to Daly.<\/p>\n<p>The committee wants to learn more about the \u201ccircumstances of both intrusions, the the nature and volume of data accessed, the steps Instructure has taken and is taking to contain the threat and notify affected institutions, and the adequacy of the company\u2019s coordination with federal law enforcement and the Cybersecurity and Infrastructure Security Agency,\u201d he added. <\/p>\n<p>CISA did not describe the extent of its involvement in Instructure\u2019s response. \u201cCISA is aware of a potential cyber incident affecting Canvas. As the nation\u2019s cyber defense agency, we provide voluntary support and cybersecurity services to organizations in responding to and recovering from incidents,\u201d Chris Butera, the agency\u2019s acting executive assistant director for cybersecurity, said in a statement.<\/p>\n<p>Instructure\u2019s timeline of the attack has changed and remains incomplete. The company said it first detected unauthorized activity in Canvas on April 29 and immediately revoked the attacker\u2019s access and initiated an incident response. Researchers not directly involved with the formal investigation said ShinyHunters gained access to Canvas at least a few days earlier.<\/p>\n<p>The follow-on malicious activity on May 7 \u2014 the defacement of public login pages \u2014 was tied to the same incident, the company said. <\/p>\n<p>\u201cWe have since confirmed that the unauthorized actor carried out this activity by exploiting an issue related to our Free-For-Teacher accounts. This is the same issue that led to the unauthorized access the prior week. As a result, we have made the difficult decision to temporarily shut down Free-For-Teacher accounts,\u201d the company said in an updated post about the incident.<\/p>\n<p>Instructure did not answer questions about the vulnerability or explain how attackers intruded its systems. The company said it also revoked privileged credentials and access tokens for affected systems, rotated internal keys, restricted token creation pathways, and deployed additional security controls and monitoring.<\/p>\n<p>Canvas is fully operational and safe to use, the company said, adding that CrowdStrike has reviewed known indicators of compromise and \u201cfound no evidence that the threat actor currently has access to the platform.\u201d<\/p>\n<p>Access still remains spotty and unavailable for some Canvas users as school districts restore the platform in phases after conducting their own internal checks.<\/p>\n<p>Halcyon published an <a href=\"https:\/\/www.halcyon.ai\/ransomware-alerts\/education-sector-in-the-crosshairs-shinyhunters-extortion-campaign-against-instructure\">alert about the attack<\/a> Friday, including a screenshot of the message that some school staff, guardians and students encountered before Instructure took the learning management system offline.<\/p>\n<p>ShinyHunters threatened Instructure and all affected schools to contact the threat group and reach a resolution by end of day Tuesday. The cybercrime group, which has a \u201cknown pattern of removing victim entries once communications and negotiations have started,\u201d removed Instructure from its data leak site after it defaced the Canvas login pages, Halcyon said. <\/p>\n<p>ShinyHunters is a notorious data theft extortion group that previously hit major cloud platforms, including <a href=\"https:\/\/cyberscoop.com\/salesforce-salesloft-drift-attack-spree-google\/\">Salesforce<\/a> and Snowflake, via voice phishing, credential theft and supply-chain attacks. <\/p>\n<p>\u201cHistorically, their claims of compromise typically hold up, but they often exaggerate the impact, scale, and type of data stolen,\u201d Kaiser said.<\/p>\n<p>Education is a recurring and consistent target for cybercriminals. Researchers at Halcyon tracked more than 250 ransomware attacks on education institutions globally last year. Yet, the attack on Canvas stands apart from most of these attacks because of its widespread use and downstream impact.<\/p>\n<p>\u201cThis is student, parent, and staff data, including minors, which creates downstream phishing and impersonation risk that will outlast the immediate incident,\u201d Kaiser said. <\/p>\n<p>\u201cBy compromising a shared platform used across thousands of schools, ShinyHunters hit the entire education sector in one move, which is the same playbook <a href=\"https:\/\/cyberscoop.com\/extortion-email-clop-oracle-customers\/\">Clop ran against Oracle EBS customers<\/a> last fall,\u201d she added. \u201cAmong 2026 incidents against critical infrastructure, this is at or near the top for education-sector impact, and it highlights a trend of third-party software vendors now being part of an attack surface, and causing cascading effects across an entire sector.\u201d<\/p>\n<p>Cybersecurity professionals focused on ransomware and data theft extortion consistently encourage victims to not pay ransoms, but they also often acknowledge that companies have to make tough decisions based on their own interests and the security of their customers or users caught up in the aftermath.<\/p>\n<p>Allison Nixon, chief research officer at Unit 221B, said the threat group claiming responsibility for the attack should not be trusted. <\/p>\n<p>\u201cThey are claiming they will delete the data after they are paid, and if they are not paid that they will leak the data,\u201d she told CyberScoop. \u201cThis is in line with the past data extortion scams run by the same and related Com actors, who have made false statements to victims and to the public in the past.\u201d<\/p>\n<p>Instructure hasn\u2019t indicated what it plans to do as part of any effort to prevent the leak of stolen data. <\/p>\n<p>Daly \u2014 a longtime security executive who was previously CEO at Ivanti \u2014 ended his mea culpa with a pledge to improve communications and provide a summary of a forensics report soon.<\/p>\n<p>\u201cLast week, we made a call to get the facts right before speaking publicly. That instinct isn\u2019t wrong, but we got the balance wrong. We focused on fact-finding and went quiet when you needed consistent updates. You\u2019ve been clear about that, and it\u2019s fair feedback. We will change that moving forward,\u201d he said. <\/p>\n<p>\u201cRebuilding trust takes time,\u201d Daly added. \u201cWe\u2019re going to earn it back through consistent action and honest communication.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.1994680851064\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/canvas-instructure-data-theft-extortion-the-com\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pressure mounts on Canvas as data leak extortion deadline looms<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6587,1209,2350,282,78,452,117,684,1093,6588,46,256,310,984,288,3797],"tags":[6589,668,2354,286,86,454,119,689,1095,6590,54,262,311,986,294,3798],"class_list":["post-8627","post","type-post","status-publish","format-standard","hentry","category-canvas","category-cisa","category-crowdstrike","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-government","category-halcyon","category-house-homeland-security-committee","category-instructure","category-ransomware","category-research","category-technology","category-the-com","category-threats","category-unit-221b","tag-canvas","tag-cisa","tag-crowdstrike","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-government","tag-halcyon","tag-house-homeland-security-committee","tag-instructure","tag-ransomware","tag-research","tag-technology","tag-the-com","tag-threats","tag-unit-221b"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/canvas\/\" rel=\"category tag\">Canvas<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/crowdstrike\/\" rel=\"category tag\">CrowdStrike<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/halcyon\/\" rel=\"category tag\">Halcyon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/house-homeland-security-committee\/\" rel=\"category tag\">House Homeland Security Committee<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/instructure\/\" rel=\"category tag\">Instructure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/the-com\/\" rel=\"category tag\">The Com<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/unit-221b\/\" rel=\"category tag\">Unit 221B<\/a>","tag_info":"Unit 221B","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8627"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8627\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8627,"date":"2026-05-11T18:31:55","date_gmt":"2026-05-11T23:31:55","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88957"},"modified":"2026-05-11T18:31:55","modified_gmt":"2026-05-11T23:31:55","slug":"pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/05\/11\/pressure-mounts-on-canvas-as-data-leak-extortion-deadline-looms\/","title":{"rendered":"Pressure mounts on Canvas as data leak extortion deadline looms"},"content":{"rendered":"