Instructure user personal information breach
Data Leak
Summary
Hide ▲
Show ▼
Instructure confirmed a data breach that exposed users' personal information, putting students, teachers, and staff at risk across affected institutions. The exposed material includes names, email addresses, student ID numbers, and messages among users, while the company said it found no evidence that passwords or financial information were involved. A group calling itself ShinyHunters claimed responsibility and said the data was stolen through a patched vulnerability, but that claim remains unverified. Instructure said it deployed patches, increased monitoring, and rotated application keys as part of its response.
Cases
Related Happenings
Instructure's Canvas hit by data theft breach
Incident
H score65
First: 26.06.2026 11:00
Last: 26.06.2026 11:00
Sources 1
How related:
The CMC said that approximately 160 UK higher education institutions were affected and threat actors exfiltrated confidential course and user data.
About this happening:
The **Canvas** incident at **Instructure** exposed confidential **course and user data** after **unauthorized activity** and a later access event, affecting about **160 UK higher...
Instructure's Canvas hit by data theft breach
IncidentHow related: The CMC said that approximately 160 UK higher education institutions were affected and threat actors exfiltrated confidential course and user data.
About this happening: The **Canvas** incident at **Instructure** exposed confidential **course and user data** after **unauthorized activity** and a later access event, affecting about **160 UK higher...
Infinite Campus hit by data theft breach linked to ShinyHunters
Incident
H score51
First: 15.06.2026 15:38
Last: 15.06.2026 15:38
Sources 1
About this happening:
**Infinite Campus** suffered a **Salesforce data theft breach** that exposed **more than 137,000 school staff accounts**, putting staff contact and account data at risk. The compr...
Infinite Campus hit by data theft breach linked to ShinyHunters
IncidentAbout this happening: **Infinite Campus** suffered a **Salesforce data theft breach** that exposed **more than 137,000 school staff accounts**, putting staff contact and account data at risk. The compr...
Nottingham University data publication on ShinyHunters leak site
Data Leak
H score68
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...
Nottingham University data publication on ShinyHunters leak site
Data LeakAbout this happening: **Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...
DentaQuest 2.6 million-account data leak
Data Leak
H score65
First: 04.06.2026 21:36
Last: 04.06.2026 21:36
Sources 1
About this happening:
**DentaQuest**'s **public leak** exposed records for **2.6 million accounts**, putting **personal and health-related data** at risk. The leak followed **ShinyHunters**' claim to h...
DentaQuest 2.6 million-account data leak
Data LeakAbout this happening: **DentaQuest**'s **public leak** exposed records for **2.6 million accounts**, putting **personal and health-related data** at risk. The leak followed **ShinyHunters**' claim to h...
Carnival Corporation customer data leak
Data Leak
H score60
First: 28.05.2026 13:49
Last: 28.05.2026 13:49
Sources 1
About this happening:
**Carnival Corporation** confirmed a **customer data leak** that exposed personal information for **5,995,277 people**, making this a large-scale privacy and identity-risk event....
Carnival Corporation customer data leak
Data LeakAbout this happening: **Carnival Corporation** confirmed a **customer data leak** that exposed personal information for **5,995,277 people**, making this a large-scale privacy and identity-risk event....
Timeline
-
04.05.2026 01:16 3 articles · 2mo ago
Instructure says users' personal information was exposed
Victim Impact UpdateInstructure said on Saturday that users' personal information was exposed in the breach, with indications that names, email addresses, student ID numbers, and messages among users may be involved at affected institutions. The company said it found no evidence that passwords, dates of birth, government identifiers, or financial information were involved, and it deployed patches, increased monitoring, rotated application keys, and required customers to re-authorize access to Instructure's API for new application keys.
Show sources
- Instructure confirms data breach, ShinyHunters claims attack — www.bleepingcomputer.com — 04.05.2026 01:16
- Congress Puts Heat on Instructure After Canvas Outage — www.darkreading.com — 14.05.2026 23:19
- CMC Releases Analysis and Guidance for Education Sector After Canvas Data Breach — www.infosecurity-magazine.com — 26.06.2026 11:00