Education technology company Instructure says it is investigating a cyberattack after hackers claimed they stole 280 million records linked to students, teachers, and staff across thousands of schools and universities.
Instructure is best known for Canvas, a widely used cloud-based learning management system that schools and colleges rely on for coursework, assignments, grading, and communication between students and teachers.
The company disclosed last week that it had suffered a data breach that exposed user names, email addresses, and private messages. Shortly after the announcement, the ShinyHunters extortion group claimed responsibility for the attack and said it had stolen a massive amount of educational data.
The hackers later shared a list of 8,809 universities, school districts, and online learning platforms whose Canvas systems were allegedly affected. According to the threat actors, the number of records tied to each institution ranges from tens of thousands to several million.
The group claims the data was collected through Canvas export tools and APIs, including DAP queries, provisioning reports, and user APIs. They say the breach allowed them to gather hundreds of gigabytes of enrollment records, messages, and user information.
Several universities have already responded publicly while investigations continue. The University of Colorado Boulder confirmed it was aware of the nationwide incident involving Instructure and Canvas. Rutgers University said it had not yet been informed of any direct impact to its systems, while Tilburg University stated that it was still working with the supplier to determine whether student or staff data had been exposed.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
