Major Data Breach at Canvas Affects 275 Million Users

Severity: High (Score: 71.0)

Sources: Cybernews, Scworld, Bleepingcomputer, Therecord.Media, News.Az

Summary

Instructure, the company behind the Canvas learning management system, confirmed a significant data breach involving the ShinyHunters hacking group. The attackers claim to have stolen over 3.65TB of data, potentially impacting up to 275 million users, including students, teachers, and staff from nearly 9,000 institutions worldwide. The exposed information includes names, email addresses, student ID numbers, and private messages, although there is no evidence that passwords or financial data were compromised. Instructure is currently working with cybersecurity experts and law enforcement to investigate the breach and has implemented security measures, including patching vulnerabilities and increasing monitoring. The attackers have threatened to leak the data unless their demands are met, with a deadline set for May 6, 2026. The incident highlights the growing trend of cyberattacks targeting educational technology firms, which hold vast amounts of personal information. Key Points: • Instructure confirmed a data breach affecting 275 million users of Canvas LMS. • ShinyHunters claims to have stolen over 3.65TB of data, including sensitive user information. • Instructure is investigating the breach and has implemented security measures to mitigate impact.

Key Entities

• Scattered Spider (apt_group)
• ShinyHunters (apt_group)
• Data Breach (attack_type)
• Ransomware (attack_type)
• Ameriprise Financial (company)
• Amtrak (company)
• Canvas LMS (company)
• Cisco (company)
• European Commission (company)
• Aura (platform)
• IOS (platform)
• Infrastructure (industry)
• CWE-200 - Exposure of Sensitive Information (cwe)
• news.az (domain)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1566 - Phishing (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• Canvas (tool)