Industry News & Leadership, May 07, 2026

Instructure hacker claims data theft from 8,800 schools, universities

Source: Bleeping Computer. Archived May 07, 2026.

The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education platforms. [...]



By Lawrence Abrams, May 5, 2026 05:20 PM

The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million records tied to students and staff from 8,809 colleges, school districts, and online education platforms.

Instructure is a cloud-based education technology company best known for its Canvas learning management system, which schools and universities use to manage coursework, assignments, grading, and communication.

Last Friday, Instructure disclosed that it was investigating a cyberattack and later revealed that it had suffered a data breach, during which users' names, email addresses, and private messages were exposed.

The ShinyHunters extortion gang claimed responsibility for the attack and says it stole 280 million records for students, teachers, and staff.

[Image: Instructure listing on ShinyHunters data leak site]

The threat actors have now published a list of 8,809 school districts, universities, and educational platforms whose Canvas instances were allegedly impacted by the attack, sharing record counts per institution with BleepingComputer.

The record counts for each educational institution range from tens of thousands to several million per institution.

BleepingComputer is not naming specific organizations listed by the threat actor, as we have not independently verified whether they were impacted by the breach.

The threat actor claims the data was stolen using Canvas data export features, including DAP queries, provisioning reports, and user APIs, and that they harvested hundreds of gigabytes of user records, messages, and enrollment data.

While Instructure has not responded to repeated emails regarding the incident, some universities have begun issuing statements about the potential impact.

"CU is aware of a data breach involving Instructure, the parent company of Canvas, our learning management system. This reported data breach is a nationwide event affecting multiple institutions," warned the University of Colorado Boulder.

"At present, Rutgers has not been notified of any direct impact to our campus. Canvas remains available and operational to Rutgers faculty, staff, and students," warned Rutgers.

"An investigation is currently underway to determine what exactly happened and which systems were affected. It has not yet been confirmed whether data of Tilburg University students and staff has been impacted. Further questions have been submitted to the supplier to obtain more clarity," warns Tilburg University.

BleepingComputer has contacted Instructure again with additional questions and will update this story if we receive a response.