Threat actor SHADOW-AETHER-015 has exposed data from 8,809 Canvas LMS institutions across 50 countries in what appears to be a backend compromise of Instructure's platform. The breach affects universities, K–12 districts, and medical institutions globally, including all eight Ivy League universities. Because Canvas stores sensitive personal disclosures such as medical accommodation requests and private advisor conversations, the primary follow-on risk is highly targeted spear-phishing using real institutional context. Institutions are advised to alert communities, re-authorize API integrations, enforce MFA, and begin FERPA/COPPA/HIPAA compliance planning.
Sort: