Educational tech firm Instructure data breach may have impacted 9,000 schools – Security Affairs
Educational tech firm Instructure data breach may have impacted 9,000 schools
MOVEit automation flaws could enable full system compromise
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog
AI speeds flaw discovery, forcing rapid updates, UK NCSC warns
Bluekit phishing kit enables automated phishing with 40+ templates and AI tools
Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 95
U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog
Security Affairs newsletter Round 575 by Pierluigi Paganini – INTERNATIONAL EDITION
Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling
Trellix discloses the breach of a code repository
New Deep#Door RAT uses stealth and persistence to target Windows
Digital attacks drive a new wave of cargo theft, FBI says
Carding service Jerry’s Store leak exposes 345,000 stolen payment cards
Anthropic launches Claude Security to counter rapid AI-Powered exploits
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now
Copy Fail: New Linux bug enables Root via page‑cache corruption
Agent’s claims on WhatsApp access spark security concerns
Meta accused of violating DSA by failing to safeguard minors
Instructure is a U.S.-based educational technology company best known for developing Canvas, one of the world’s most widely used learning management systems (LMS).
The U.S. firm confirrmed a cybersecurity incident that exposed users’ personal information. The company is working with external cybersecurity experts and law enforcement to investigate the breach. Canvas is widely used by schools and universities to manage courses, assignments, and online learning, raising concerns about student and staff data security.
The company says the security incident appears to be contained while investigations continue. Instructure revoked privileged credentials and access tokens, deployed security patches, rotated some keys as a precaution, and increased monitoring across systems.
“Out of an abundance of caution, we rotated certain keys, even though there is no evidence they were misused – Implemented increased monitoring across all platforms.” reads the Incident Report. “While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved.”
So far, the exposed data likely includes user identifiers such as names, email addresses, student ID numbers, and some user messages. The company states that there is currently no evidence that passwords, dates of birth, government IDs, or financial data were affected.
The educational technology firm continues to monitor the situation and will notify institutions if new findings emerge, while updating its status page and working to strengthen system security.
Instructure did not share details about the attack, however, the ShinyHunters extortion group claimed responsibility for the attack and added the company to its Tor data leak site.
“Nearly 9,000 schools worldwide affected. 275 million individuals data ranging from students, teachers, and other staff containing PII. Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved. Pay or Leak.” the group wrote on its leak site. “This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.,” reads the data leak site.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)
Cyber Crime / May 05, 2026
Security / May 04, 2026
Breaking News / May 04, 2026
Hacking / May 04, 2026
Security / May 04, 2026
To contact me write an email to:
Pierluigi Paganini :
[email protected]
Copyright@securityaffairs 2024
source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.
