Loading...
Loading...
Instructure, operator of the Canvas learning platform, said it reached an agreement with hackers who breached the service and returned the stolen data, claiming to have provided digital proof the copies were destroyed. The company did not disclose whether a ransom was paid or identify the attackers; the hacking group ShinyHunters had claimed responsibility and threatened to leak data on nearly 9,000 schools and 275 million individuals. Instructure said the breach exposed names, email addresses,
The incident affects education technology security practices and vendor risk management for institutions using Canvas. Tech professionals must reassess incident response, data protection, and third-party breach negotiation policies.
Dossier last updated: 2026-05-20 19:41:33
Instructure, operator of the Canvas learning platform, said it reached an agreement with hackers who breached the service and returned the stolen data, claiming to have provided digital proof the copies were destroyed. The company did not disclose whether a ransom was paid or identify the attackers; the hacking group ShinyHunters had claimed responsibility and threatened to leak data on nearly 9,000 schools and 275 million individuals. Instructure said the breach exposed names, email addresses, student ID numbers and messages but found no evidence of passwords, dates of birth, government IDs or financial data being compromised. The company is conducting forensic analysis, hardening systems and reviewing affected data as schools scrambled during the outage.
Instructure, the parent company of the Canvas learning platform, said it reached an agreement with hackers who stole data in a breach that disrupted finals at many schools and threatened to leak information on 275 million people. The company did not disclose if a ransom was paid or identify the attacker, though the ShinyHunters group claimed responsibility and had set extortion deadlines. Instructure says the stolen data was returned and it received digital “shred logs” indicating copies were destroyed, while acknowledging there is no definitive way to verify deletion. The company is conducting forensic analysis, hardening systems, and reviewing the data involved; compromised items reportedly included names, emails, student IDs and messages.
Hackers tied to the ShinyHunters group have reportedly defaced Canvas login pages for several schools after claiming responsibility for a prior Instructure breach that exposed student names, emails, and teacher-student messages. TechCrunch observed altered login screens on three schools where attackers injected an HTML file displaying a message threatening to publish stolen data on May 12 unless Instructure pays a settlement. Instructure’s main site showed intermittent errors and Canvas displayed a maintenance notice; the company hasn’t commented. ShinyHunters says this is a separate compromise and has previously claimed data from nearly 9,000 schools affecting about 231 million people, signaling an escalation in its extortion campaign against education customers.
Hackers affiliated with the ShinyHunters group allegedly defaced Canvas login pages for multiple schools after previously claiming a data breach at education tech provider Instructure. TechCrunch observed HTML injections on three schools’ portals displaying a message that threatened to publish stolen student data on May 12 unless Instructure negotiated a settlement. ShinyHunters had earlier publicized a breach and claimed data on roughly 231 million people across nearly 9,000 schools. Instructure’s main site showed partial availability and maintenance notices while the company had not commented. The incident highlights ongoing extortion tactics targeting edtech infrastructure and raises concerns about student privacy and the security of cloud-based learning platforms.