Instructure Confirms Data Breach After ShinyHunters Claims Responsibility
AI-generated from multiple sources. Verify before acting on this reporting.
Additional reports have confirmed the scope of the data breach affecting Instructure Inc. and its Canvas learning management system. The company is now working with affected educational institutions to assess the full impact of the incident. No further details have been released regarding the specific types of data compromised or the number of individuals affected. Instructure continues to investigate the breach and has not yet provided a timeline for remediation efforts. The company has not commented on the demands made by the extortion gang ShinyHunters. Security experts are advising institutions using Canvas to monitor for suspicious activity and review their access controls. Instructure has not announced any changes to its security protocols or partnerships with cybersecurity firms. The incident remains under investigation by relevant authorities.
DENVER (AP) — Instructure Inc. confirmed Monday that a cyberattack resulted in the theft of personal information from its systems, following a public claim of responsibility by the extortion gang ShinyHunters. The breach affects the company's cloud-based learning management system, Canvas, used by educational institutions across North America, Europe, and the Asia-Pacific region.
The company disclosed the incident on May 3, 2026, after ShinyHunters posted a notice on a dark web forum demanding payment to prevent the release of stolen data. Instructure stated that the attackers exploited a vulnerability in its infrastructure, gaining unauthorized access to databases containing user information. The company has notified affected customers and is working with cybersecurity experts to secure its systems.
Instructure, based in Denver, Colorado, provides educational software to thousands of schools, colleges, and universities worldwide. The breach potentially impacts millions of users, including students, faculty, and administrators. The company did not specify the exact volume of data compromised but acknowledged that personal information was accessed. This includes names, email addresses, and in some cases, additional identifiers linked to user accounts.
ShinyHunters, a group known for targeting organizations with ransom demands, has previously claimed responsibility for breaches at several high-profile companies. The group typically threatens to publish stolen data if their demands are not met. Instructure has not commented on whether it will negotiate with the attackers or pay a ransom. Law enforcement agencies have been notified of the incident.
The breach highlights ongoing cybersecurity challenges facing educational institutions. Many schools rely on third-party vendors like Instructure to manage student data, creating potential vulnerabilities in the supply chain. Experts warn that attackers increasingly target software providers to access large volumes of sensitive information through a single point of entry.
Instructure has implemented additional security measures to prevent further unauthorized access. The company is conducting a thorough investigation to determine the full scope of the breach and identify the specific vulnerability exploited. Customers are advised to monitor their accounts for suspicious activity and change passwords as a precaution.
The incident remains under investigation, with authorities assessing the potential impact on affected institutions. Questions remain regarding the total amount of data stolen and whether the information has already been leaked or is still held for ransom. Instructure has promised to provide updates as more information becomes available.
Educational institutions are now evaluating their own security protocols and considering the risks associated with third-party data management. The breach serves as a reminder of the critical importance of robust cybersecurity measures in protecting sensitive information.
As the investigation continues, Instructure faces pressure to restore trust with its customers and prevent similar incidents in the future. The company's response will be closely watched by the education sector and cybersecurity professionals alike.