// Alert

Instructure threat report

Instructure (parent company of Canvas LMS) disclosed a data breach discovered April 29, 2026, affecting approximately 9,000 schools globally and 275 million individuals. Threat actor ShinyHunters claimed responsibility; compromised data included names, email addresses, student IDs, and user messages. The breach resulted from a Salesforce misconfiguration. A second breach attempt occurred days later involving unauthorized web messages. Instructure paid ransom to threat actors.

// Get alerts for Instructure