ShinyHunters claims nearly 9,000 schools affected by Canvas data breach

The hacking group ShinyHunters claims to have stolen data affecting nearly 9,000 schools that use Canvas, Instructure's learning management system. The group says it will release the compromised student information unless demands are met.

Canvas serves as a central digital hub for many K-12 and higher education institutions across the United States. The platform manages coursework, grades, assignments, and communications between students, teachers, and administrators. Schools rely on it to store sensitive student records alongside academic data.

Instructure, which operates Canvas, has not yet confirmed the full scope of the breach or released details about what types of student data were accessed. The company has acknowledged security incidents but typically limits disclosure about affected institutions to prevent further exploitation.

ShinyHunters has a documented history of targeting education technology platforms. The group has previously claimed responsibility for breaches affecting other EdTech vendors and has used similar tactics: stealing data and threatening public release to pressure victims into paying ransom demands.

The potential exposure of nearly 9,000 schools represents one of the largest education-sector data breaches in recent years. Student records commonly include names, addresses, email addresses, phone numbers, and academic performance information. In some cases, breaches expose Social Security numbers or payment information.

Schools that use Canvas range from small independent institutions to large public university systems. Many lack dedicated cybersecurity teams and must rely on vendor security protocols. The breach highlights vulnerabilities in centralized learning management systems that consolidate student data across entire districts or university networks.

Instructure customers are advised to monitor their systems for unauthorized access and prepare breach notifications if their data was compromised. Students and families affected by the breach should watch for suspicious account activity and phishing attempts targeting educational email addresses.

The incident underscores ongoing pressure on education technology companies to strengthen security infrastructure and implement incident response protocols that prevent mass data theft.