// Alert

Canvas threat report

// CanvasCRITICAL

Instructure's Canvas learning management system has suffered a major data breach, with the ShinyHunters group claiming theft of approximately 275 million student and staff records spanning more than 7,000 universities and K-12 districts. The stolen dataset reportedly includes years of academic activity, communications, and other personal information tied to student identities. Disruptions to Canvas access during peak exam season led several US universities, including Harvard and Northwestern, to postpone final exams. Reports indicate Instructure paid the ransom demand, though attackers had already exfiltrated the data. Initial access is believed to have involved social engineering targeting identity, consistent with prior ShinyHunters tradecraft. Downstream risks include long-term phishing, impersonation, and identity fraud, particularly for minors whose identities may remain unmonitored for years.

// Get alerts for Canvas