Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Instructure's Canvas hit by data theft breach

Incident
First reported
Last updated
Happening score
H score 65
1 unique sources, 1 articles

Summary

Hide ▲

The Canvas incident at Instructure exposed confidential course and user data after unauthorized activity and a later access event, affecting about 160 UK higher education institutions and roughly 9,000 institutions worldwide. Instructure detected the activity on April 29, 2026, and the same threat actor gained additional access on May 7, 2026 through a second Canvas vulnerability. Canvas was reported fully online by May 9, but the stolen data creates a continuing risk of phishing, smishing, and vishing.

Cases

Canvas intrusion, data theft, and portal defacement (3)

Related Happenings

Silent Ransom Group US law firm IT impersonation campaign

Campaign
H score36 First: 29.05.2026 16:00 Last: 29.05.2026 16:00 Sources 1

About this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...

Open Happening

7-Eleven hit by network compromise

Incident
H score53 First: 19.05.2026 17:16 Last: 19.05.2026 17:16 Sources 1

About this happening: **7-Eleven** is a **victim-focused breach incident** in which an **unauthorized third party** accessed systems used to store **franchisee documents** on **April 8, 2026**, trigger...

Open Happening

Canvas Free- -Teacher actively exploited XSS vulnerabilities cross-site scripting flaw

Vulnerability
H score89 First: 11.05.2026 18:26 Last: 11.05.2026 18:26 Sources 1

About this happening: **Canvas Free-for-Teacher** was affected by **multiple XSS vulnerabilities** that let attackers obtain **authenticated admin sessions** and carry out **privileged actions**. The f...

Open Happening

ShinyHunters school-by-school extortion campaign targeting Canvas institutions

Campaign
H score80 First: 11.05.2026 13:05 Last: 11.05.2026 13:05 Sources 1

About this happening: ShinyHunters intensified a **school-by-school extortion campaign** against **Canvas-related institutions**, increasing pressure on schools and universities as the group threatened...

Open Happening

Instructure user personal information breach

Data Leak
H score81 First: 04.05.2026 01:16 Last: 04.05.2026 01:16 Sources 1

How related: The CMC said that approximately 160 UK higher education institutions were affected and threat actors exfiltrated confidential course and user data.

About this happening: Instructure confirmed a **data breach** that exposed **users' personal information**, putting students, teachers, and staff at risk across affected institutions. The exposed mater...

Open Happening

Timeline

  2. 26.06.2026 11:00 1 articles · 4h ago

    Threat actor gains additional access and defaces Canvas login pages

    Exploitation Observed

    On May 7, 2026, the same threat actor gained additional access through a second Canvas vulnerability and changed the pages shown to students and teachers, with a defacement message appearing on approximately 330 institutional Canvas login pages.

    Show sources
    Open in new tab
  4. 26.06.2026 11:00 2 articles · 4h ago

    Cyber Monitoring Centre shares Canvas incident analysis and guidance

    Technical Analysis Update

    The UK’s Cyber Monitoring Centre shared its analysis of the Canvas cyber incident affecting Instructure’s learning management system, said about 160 UK higher education institutions and roughly 9,000 educational institutions worldwide were affected, and recommended clearer incident communication and maintained customer contacts for software providers.

    Show sources
    Open in new tab