The ShinyHunters extortion group has claimed responsibility for a breach of Instructure, the company behind the Canvas learning management platform. The group claims to have stolen 3.65 TB of data affecting up to 275 million students, teachers, and staff across nearly 15,000 institutions globally, including private messages, names, email addresses, and student IDs. Instructure confirmed the breach, revoked credentials, rotated keys, and restored most services by May 3. This is the second ShinyHunters attack on Instructure in under a year — a previous breach occurred in September 2025. The incident underscores a broader trend of ransomware groups shifting from encryption-based extortion to data-theft extortion, making education institutions increasingly attractive targets due to regulatory and reputational exposure.
Table of contents
Service is Back Up, but Data ExposedShinyHunters Takes ResponsibilityEducation is an Attractive TargetSort: