Educational technology company Instructure has confirmed a cybersecurity incident affecting its Canvas learning management system. The ShinyHunters extortion gang has claimed responsibility for the attack.

Initial Disclosure

On Friday, Instructure announced the incident and engaged third-party cybersecurity experts and law enforcement to investigate. By Saturday, the company confirmed that "personal information of users was exposed in the breach."

Exposed Data

According to Instructure's statement, the compromised information includes names, email addresses, and student ID numbers, as well as messages among users. The company stated it found "no evidence that passwords, dates of birth, government identifiers, or financial information were involved."

Response Measures

Instructure deployed patches, increased monitoring, and rotated application keys. Customers must re-authorize API access to receive new application keys.

ShinyHunters Claims

The threat actor listed Instructure on its data leak site, alleging "nearly 9,000 schools worldwide affected" with "275 million individuals data." ShinyHunters claims the breach exposed student names, email addresses, enrolled courses, and private messages. The actor stated data comes from approximately 15,000 institutions across North America, Europe, and Asia-Pacific regions.

Scale of Impact

Canvas is one of the most widely used learning management systems globally, serving K-12 schools, universities, and corporate training programs. If confirmed, this breach would rank among the largest educational data breaches ever recorded, potentially affecting students, teachers, and staff across thousands of institutions worldwide.

What Affected Users Should Do

• Monitor email accounts for phishing attempts using exposed information
• Be cautious of targeted social engineering using course enrollment details
• Report suspicious activity to your institution's IT security team