Instructure user personal information breach
Data Leak
Summary
Instructure confirmed a data breach that exposed users' personal information, putting students, teachers, and staff at risk across affected institutions. The exposed material includes names, email addresses, student ID numbers, and messages among users, while the company said it found no evidence that passwords or financial information were involved. A group calling itself ShinyHunters claimed responsibility and said the data was stolen through a patched vulnerability, but that claim remains unverified. Instructure said it deployed patches, increased monitoring, and rotated application keys as part of its response.
Related Happenings
ShinyHunters school-by-school extortion campaign targeting Canvas institutions
Campaign
First: 11.05.2026 13:05
Last: 11.05.2026 13:05
Sources 1
How related:
A second wave on May 7 saw attackers deface Canvas login portals at roughly 330 institutions with extortion messages, setting a May 12 deadline for negotiation.
About this happening:
ShinyHunters intensified a **school-by-school extortion campaign** against **Canvas-related institutions**, increasing pressure on schools and universities as the group threatened...
Zara customer data leak exposing 197,400 people
Data Leak
First: 08.05.2026 13:42
Last: 08.05.2026 13:42
Sources 1
About this happening:
The **Zara** customer-data leak now exposes **197,400 people**, creating privacy and phishing risk across multiple markets. The exposed records include **unique email addresses**,...
Unnamed organization stolen data published on DLS
Data Leak
First: 06.05.2026 16:00
Last: 06.05.2026 16:00
Sources 1
About this happening:
**Stolen data** from an **unnamed organization** was later posted on a **data leak site (DLS)**, confirming exposure and increasing extortion pressure. The publication followed an...
Instructure hit by cyberattack
Incident
First: 04.05.2026 01:16
Last: 04.05.2026 01:16
Sources 1
How related:
But the following day, ShinyHunters returned, compromising Canvas and posting a ransom demand on the platform login pages.
About this happening:
**Instructure** disclosed a **cybersecurity incident** that exposed user information and prompted an investigation with outside experts and law enforcement. The event matters beca...
Latest development: 14.05.2026 23:19
The House Committee on Homeland Security and the US Senate Committee on Health, Education, Labor, and Pensions sought briefings from Instructure over the Canvas compromise, pressing the edtech vendor on whether it paid a ransom, what data was affected, how it handled the recent attacks, and whether the incident was linked to a prior Salesforce compromise.
BlackFile victims' Salesforce and SharePoint data leak
Data Leak
First: 24.04.2026 21:26
Last: 24.04.2026 21:26
Sources 1
About this happening:
BlackFile's **stolen documents** were published on a **dark web leak site**, exposing employee and business records taken from **Salesforce** and **SharePoint** environments. The...
Timeline
- 04.05.2026 01:16 · 2 articles · 23d ago
Instructure says users' personal information was exposed
Victim Impact Update
Instructure said on Saturday that users' personal information was exposed in the breach, with indications that names, email addresses, student ID numbers, and messages among users may be involved at affected institutions. The company said it found no evidence that passwords, dates of birth, government identifiers, or financial information were involved, and it deployed patches, increased monitoring, rotated application keys, and required customers to re-authorize access to Instructure's API for new application keys.
Sources:
- Instructure confirms data breach, ShinyHunters claims attack — www.bleepingcomputer.com — 04.05.2026 01:16
- Congress Puts Heat on Instructure After Canvas Outage — www.darkreading.com — 14.05.2026 23:19