Education technology giant Instructure has officially confirmed a significant security incident involving its widely used Canvas learning management system. The breach has raised alarms across the academic sector, as hackers claim to have successfully exfiltrated a vast array of personal information, including names, private email addresses, and sensitive correspondence between educators and students.

The cyber-crime syndicate known as ShinyHunters has taken credit for the intrusion, asserting that they have obtained data spanning approximately 8,800 institutions. While Instructure has verified that the stolen information aligns with the claims made by the attackers, the company has attempted to mitigate concerns by stating that passwords and other highly sensitive authentication credentials remain secure. Verified samples of the leaked data have already surfaced, confirming the exposure of student and faculty details from various schools across the United States.

In the wake of the attack, the threat actors have reportedly issued ransom demands, threatening to leak the full dataset publicly if their financial terms are not met. The group is well-known for its aggressive tactics and history of targeting cloud-based platforms to leverage sensitive information for profit. Although Instructure has restored normal operations following a period of emergency maintenance, the incident remains under active investigation.

The company has established a dedicated response portal to provide guidance and updates for affected schools and individuals. This security failure highlights the escalating risks associated with the centralization of student data within cloud-based educational infrastructure, prompting calls for more rigorous security protocols across the ed-tech industry.