// Service

Canvas

Instructure Canvas LMS — used by K-12 and higher-ed for coursework, grading, and SSO.

// Alerts

Recent threats

ShinyHunters exploited a critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft between May 27 and June 9, 2026, affecting over 100 organizations—68% in higher education. The threat group, previously linked to the Canvas breach, gained unauthorized access to student records and other sensitive data. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog and mandated remediation for federal agencies by June 14.

// CanvasCRITICAL

ShinyHunters breached Instructure Canvas LMS in April 2026, stealing 3.65TB of data affecting approximately 275 million user records across 9,000 educational institutions. The threat group demanded ransom and disclosed the breach using the FFT vector. Canvas is widely deployed across schools and universities globally.

// CanvasCRITICAL

Instructure's Canvas learning management system has suffered a major data breach, with the ShinyHunters group claiming theft of approximately 275 million student and staff records spanning more than 7,000 universities and K-12 districts. The stolen dataset reportedly includes years of academic activity, communications, and other personal information tied to student identities. Disruptions to Canvas access during peak exam season led several US universities, including Harvard and Northwestern, to postpone final exams. Reports indicate Instructure paid the ransom demand, though attackers had already exfiltrated the data. Initial access is believed to have involved social engineering targeting identity, consistent with prior ShinyHunters tradecraft. Downstream risks include long-term phishing, impersonation, and identity fraud, particularly for minors whose identities may remain unmonitored for years.

Instructure has confirmed a data breach affecting its Canvas learning management platform that impacted educational institutions globally. The company stated it reached an agreement with the unauthorized actor that resulted in the return and destruction of the accessed data. Affected organizations include Pittsfield Public Schools in Massachusetts, where secondary student progress reports were among the data exposed, and Singapore government-supported institutes, where the Ministry of Education said no sensitive data appears to have been leaked. The full scope of impacted institutions and data categories has not been disclosed, and Instructure is continuing to notify affected customers. Institutions using Canvas should review notifications from Instructure and assess any downstream exposure of student or staff records.

Canvas, the Instructure-owned learning management system, was the subject of a hack disclosed in early May 2026 that exposed data from nearly 9,000 schools, including personally identifying information. Reporting frames the incident as part of a broader pattern of edtech breaches affecting student and staff records. Specific attack vectors, threat actor attribution, and the full scope of compromised data have not been detailed in this coverage. Schools using Canvas should monitor for official Instructure advisories, review account activity, and prepare for potential notification obligations. Severity is rated HIGH given the confirmed large-scale exposure of personal data across thousands of institutions.

// CanvasCRITICAL

Instructure's Canvas learning management system suffered a data breach disclosed on May 7, 2026, taking the platform offline during U.S. college finals period. The hacking group ShinyHunters claimed responsibility, with reports indicating exposure of personal information for over 275 million students, teachers, and staff across nearly 9,000 schools worldwide, including K-12 districts and universities. Instructure stated that no passwords, government IDs, or financial data appear to have been stolen, and the platform has since been restored. Some institutions, including Georgia Tech, advised users not to log back in immediately while investigations continued. The incident has caused significant academic disruption and remains under active review.