Instructure, the parent company of Canvas, says it reached an agreement with the unauthorized actor behind a recent cyberattack and received confirmation that stolen data was destroyed.

The company said the data was returned and that it received digital “shred logs” confirming destruction. Instructure also said customers do not need to contact the actor individually and that no customers will be extorted as a result of the incident.

But the announcement does not fully close the issue. Instructure acknowledged there is never complete certainty when dealing with cybercriminals. The company says the exposed fields included usernames, email addresses, course names, enrollment information and messages, while core learning data such as submissions, course content and credentials was not compromised.

Subscribe free for daily political analysis they won’t broadcast. Join 110K+ readers →

The incident disrupted Canvas users at schools and colleges and drew attention from Congress. Reuters reported that the House Homeland Security Committee requested a briefing from Instructure on the breach, response and coordination with federal agencies.

Subscribe free for daily political analysis they won’t broadcast. Join 110K+ readers →