US Congress calls Instructure CEO as it investigates Canvas breach

News
By published

Steve Daly called in to testify after Canvas attack

Padlock against circuit board/cybersecurity background
(Image credit: Getty Images)
  • Instructure CEO Steve Daly called to testify before US House Homeland Security Committee
  • Hearing will cover breach details, data volume, containment steps, and customer notifications
  • Daly previously confirmed ransom payment to ShinyHunters, with data “shred logs” and promises of no further extortion

Instructure CEO Steve Daly has been was called to testify in front of the US House Committee on Homeland Security regarding the recent ShinyHunters attack on the company and its flagship product, Canvas.

The testimony should take place on May 21 at the latest, and will discuss the circumstances of the incident, the nature and volume of data accessed, and the steps the company took to contain the threat and notify affected individuals.

In early May 2026, news broke that Instructure, the edtech giant behind the popular Canvas learning system, suffered a cyberattack and lost sensitive customer data. Hours later, ShinyHunters added Instructure to its data leak site, saying the breach affected thousands of schools and 275 million individuals, including students, teachers, and other staff.

Latest Videos From

Available on Pixels

A few days later, the group struck Instructure the second time, defacing the login portal and leaving a ransom note for all victims to see. At the same time, the group said that the stolen files include data from Harvard, MIT, Oxford, and a handful of other elite, world-leading research universities.

While law enforcement usually advises against paying the attackers their ransom demand, Instructure caved in and paid up which also, as is hinted in the invitation letter, might be the reason why Daly was called in to testify in the first place.

“The scale and timing of the Instructure breach, and the demonstrated inability of a major educational technology vendor to contain a threat actor following an initial intrusion, are precisely the kind of systemic vulnerabilities this Committee has a responsibility to examine,” the invitation letter reads.

When Daly announced the agreement with ShinyHunters in a blog post earlier this week, he said the data was returned and the company got shred logs as proof ShinyHunters are no longer in possession. ShinyHunters also apparently promised Daly that Instructure customers (schools and individuals alike) would not be extorted.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.