They're paying them to delete the data?

> The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals.

How stupid can they be?

> The company acknowledged that there was no way to be sure that the data was erased for good, and said it took action because of concerns about potential publication of the data.

Why is the U.S. allowing Canvas to fund North Korean or Russian cyberterrorists?

So stupid, they will pay but have no proof that the hackers will not keep it to leak or sell it again in a few years...

The parent company should face severe penalties for allowing this kind of breach to happen and also for terrorist financing. We are really living in the Stone Age of information security.

These deals should be illegal.

Really dumb. Just a way to cover their own ass. Of course the hackers won’t actually delete the data. This is just so they can claim it was deleted when everyone knows better.

I disagree with this path, there is no guarantee, nor can there be, that the data will be deleted. It can be divided up and sold to others with no recourse. The hackers got their money, they are under no obligation to comply with th agreement, and there's no one can could enforce it.

This is a duplicate of the following discussion 2 days ago with 258 points and 249 comments:

https://news.ycombinator.com/item?id=48103668 Instructure pays ransom to Canvas hackers

> The company didn’t provide any details on the agreement, including whether it involved a payment, and didn’t elaborate who was behind the hack.

Oh, cool! Maybe they all just sat down with a nice cup of coffee and the hackers decided to delete the data out of the goodness of their hearts.