A ransomware attack on Instructure's Canvas platform knocked universities across the country offline, locked out teachers and students, and delayed finals at schools that depend on the system for classes, assignments and exams.

Instructure said in an update that it had reached an agreement with the hackers and that the data stolen in the breach had been returned. The company also said it received digital confirmation that the data was destroyed and had been told no Instructure customers would be extorted as a result of the incident. But Jake Braun, a cybersecurity expert who has studied the episode, said the danger may not be over. He said personal information could still be at risk even after the company said the files were recovered. “This ransomware problem is getting worse, not better. And with the use of AI almost, like, commoditizing hacking, it becomes very disconcerting,” Braun said.

Canvas is used by thousands of schools, making a breach on that platform more than a company problem. When the system went dark, it left students unable to submit work and instructors unable to reach course materials or administer exams at a moment when finals were already underway or approaching. Instructure's statement suggested the company paid to recover use of its system and to have the hackers delete what they had taken, a deal that reflects how ransomware cases are often handled even when the public only sees the outage and the later cleanup.

That is part of what makes the case so troubling. Braun said many of the biggest attacks never become public because victims quietly pay and move on. “We find out about the big ones like this, but I know in my time at the White House, the big story for us was all the attacks that weren't being reported, where folks just pay the ransom and move on,” he said. The Canvas incident, he added, is another sign that ransomware is increasing in frequency and profitability, with bad actors using AI to make attacks easier and more scalable.

Braun said the stolen material could still be useful to criminals even if the company got its data back. He warned that young people in college are especially exposed because they are increasingly targeted online, and he said he worries about how stolen information could be used against them. “One of the fastest growing groups in the world that's getting scammed online is youth, and so, I do wonder what these criminal groups will do with all this data to potentially swindle young people who are in college,” he said. He also said, “I haven't opened one email one email since this happened, because I don't feel like I can trust what emails are real or not,” and added, “We're more vulnerable than ever particularly with how AI is making this so much easier for bad guys.”

The attack fits a broader pattern of cyber vulnerability that Braun said extends beyond criminal groups to nation-states such as Iran, China and Russia. What happened to Canvas did not just interrupt one platform; it exposed how quickly a digital breach can spill into classrooms, deadlines and trust itself, even after the headline outage is over.