Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Instructure hit by cyberattack

Incident
First reported
Last updated
Happening score
H score 15
3 unique sources, 3 articles

Summary

Hide ▲

Instructure disclosed a cybersecurity incident that exposed user information and prompted an investigation with outside experts and law enforcement. The event matters because the company said personal information was affected, including some user identifiers and messages, while it also moved to tighten controls and rotate application keys.

Related Happenings

ShinyHunters school-by-school extortion campaign targeting Canvas institutions

Campaign
First: 11.05.2026 13:05 Last: 11.05.2026 13:05 Sources 1

How related: A second wave on May 7 saw attackers deface Canvas login portals at roughly 330 institutions with extortion messages, setting a May 12 deadline for negotiation.

About this happening: ShinyHunters intensified a **school-by-school extortion campaign** against **Canvas-related institutions**, increasing pressure on schools and universities as the group threatened...

Open Happening

U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case

Law Enforcement
First: 05.05.2026 13:13 Last: 05.05.2026 13:13 Sources 1

About this happening: **Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...

Open Happening

Instructure user personal information breach

Data Leak
First: 04.05.2026 01:16 Last: 04.05.2026 01:16 Sources 1

How related: Instructure acknowledged a data breach earlier this week, after the cybercrime group ShinyHunters claimed responsibility and said they would leak data on tens of millions of students and faculty unless paid a ransom.

About this happening: Instructure confirmed a **data breach** that exposed **users' personal information**, putting students, teachers, and staff at risk across affected institutions. The exposed mater...

Open Happening

Finnish arrest and U.S. charges in Bouquet Scattered Spider case

Law Enforcement
First: 28.04.2026 18:39 Last: 28.04.2026 18:39 Sources 1

About this happening: **Finnish law enforcement** arrested **Bouquet**, and **U.S. federal prosecutors** later charged him in a cross-border **Scattered Spider** cybercrime case. The charges include **...

Open Happening

0APT and KryBit ransomware turf war forces rebuild and rebrand pressure

Threat Actor Meta
First: 28.04.2026 16:00 Last: 28.04.2026 16:00 Sources 1

About this happening: **0APT** and **KryBit** escalated a ransomware turf war in **April 2026** by leaking each other's operational data, defacing leak sites, and exposing infrastructure details that u...

Open Happening

Timeline

  1. 14.05.2026 23:19 1 articles · 12d ago

    US lawmakers seek briefing from Instructure over Canvas attacks

    Legal Policy Action Update

    The House Committee on Homeland Security and the US Senate Committee on Health, Education, Labor, and Pensions sought briefings from Instructure over the Canvas compromise, pressing the edtech vendor on whether it paid a ransom, what data was affected, how it handled the recent attacks, and whether the incident was linked to a prior Salesforce compromise.

    Show sources
    Open in new tab
  3. 04.05.2026 10:02 1 articles · 23d ago

    ShinyHunters claims Instructure data theft on leak site

    Attribution Update

    ShinyHunters added Instructure to its Tor-based leak site and claimed the theft of 3.65 terabytes of data, saying the material belonged to 275 million students, teachers, and other individuals at close to 9,000 education institutions worldwide and that Instructure’s Salesforce instance was also compromised.

    Show sources
    Open in new tab
  4. 04.05.2026 01:16 1 articles · 23d ago

    Instructure discloses cybersecurity incident and ShinyHunters claims responsibility

    Initial Disclosure

    Instructure disclosed a cybersecurity incident, said it was working with third-party cybersecurity experts and law enforcement, and ShinyHunters claimed responsibility for the stolen data in a cyberattack against the company.

    Show sources
    Open in new tab
  5. 04.05.2026 01:16 2 articles · 23d ago

    Instructure says user information was exposed and response steps were deployed

    Victim Impact Update

    Instructure updated its disclosure on Saturday to say that personal information of users at affected institutions was exposed, including names, email addresses, student ID numbers, and messages, while the company deployed patches, increased monitoring, and rotated application keys as a precautionary response.

    Show sources
    Open in new tab
  6. 04.05.2026 01:16 2 articles · 23d ago

    Instructure says user information was exposed and response steps were deployed

    Victim Impact Update

    Instructure updated its disclosure on Saturday to say that personal information of users at affected institutions was exposed, including names, email addresses, student ID numbers, and messages, while the company deployed patches, increased monitoring, and rotated application keys as a precautionary response.

    Show sources
    Open in new tab
  7. 30.04.2026 03:00 1 articles · 27d ago

    Instructure discloses weekend cyberattack and data breach

    Initial Disclosure

    Instructure disclosed a weekend cyberattack that disrupted tools relying on API keys and also resulted in a data breach, and the company retained outside forensics experts to investigate the incident.

    Show sources
    Open in new tab