Instructure (Canvas LMS) Confirms Data Breach — ShinyHunters Claim 275 Million User Records from 9,000 Schools

Summary

Instructure, the company behind the widely-used Canvas Learning Management System, has confirmed a cybersecurity incident that exposed user information and communications. The hacking collective ShinyHunters has claimed responsibility, asserting they exfiltrated data pertaining to 275 million users across approximately 9,000 educational institutions.

The compromised data reportedly includes names, email addresses, student ID numbers, and user communications within the platform. Instructure has not verified the full scale of the breach as claimed by ShinyHunters, but has acknowledged that user data was accessed. The company is working with law enforcement and third-party security experts to investigate the scope of the incident.

Source

SecurityWeek — Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats
Cybersecurity Insiders — Instructure Data Breach by ShinyHunters

Commentary

ShinyHunters continue their tear through 2026 — this is at least the fourth major breach attributed to the group this year, following ADT, Amtrak, and Medtronic. The education sector is a particularly concerning target: student records are valuable for identity fraud and the victims are often minors who won’t discover the damage for years.

If the 275 million figure is even partially accurate, this ranks among the largest education-sector breaches in history. Schools relying on Canvas — which dominates the US higher-ed LMS market — need to audit what data was exposed and begin notification processes. The broader lesson: edtech platforms hold enormous quantities of PII and remain chronically under-secured relative to their data sensitivity.