The U.S. House Committee on Homeland Security is demanding Instructure executives testify about two cyberattacks by the ShinyHunters extortion group on its Canvas learning management platform. The breaches exposed 280 million records from over 8,800 educational institutions, including student names, emails, and IDs. A second attack defaced Canvas login portals using XSS vulnerabilities during final exams, forcing some colleges to cancel tests. Instructure has since reached an undisclosed agreement with ShinyHunters to stop the data leak, raising questions about whether a ransom was paid. The committee wants a briefing by May 21 covering both intrusions, data containment, and federal coordination.
Table of contents
Related Articles:Sort: