Data Security , Breach Instructure confirms data breach, ShinyHunters claims responsibility May 4, 2026 Share By SC Staff (Adobe Stock) According to Bleeping Computer, educational technology company Instructure has confirmed a cybersecurity incident that resulted in the theft of user data, with the ShinyHunters extortion gang claiming responsibility for the attack. Instructure, known for its Canvas learning management system, disclosed the breach on Friday and stated that personal information of users was exposed. The company's investigation indicates that names, email addresses, student ID numbers, and messages among users were compromised. Instructure has stated there is no evidence that passwords, dates of birth, government identifiers, or financial information were accessed. In response, Instructure has implemented patches, enhanced monitoring, and rotated application keys. The ShinyHunters gang has listed Instructure on its data leak site, claiming to have stolen data affecting nearly 9,000 schools and 275 million individuals, including private messages and data from a Salesforce instance. The alleged attackers say the vulnerability has been patched. The stolen data reportedly includes names, email addresses, enrolled courses, and private messages, spanning approximately 15,000 institutions globally. Source: Bleeping Computer SC Staff Related Data Security Chinese-linked Salt Typhoon suspected in Italy’s Sistemi Informativi breach SC Staff May 4, 2026 The breach, which occurred in late April 2026, impacted Sistemi Informativi, a critical IT infrastructure provider for numerous Italian public and private entities. Data Security Instructure investigates cybersecurity incident impacting Canvas platform SC Staff May 4, 2026 Instructure confirmed that a criminal threat actor perpetrated the incident and that the company is working with external forensics experts to understand the full extent of the breach. Data Security Medicare directory exposes Social Security numbers of US healthcare providers SC Staff May 1, 2026 The database, intended to populate a Medicare directory launched by CMS as part of plans to modernize Medicare, was left publicly accessible. Related Events Cybercast Beyond the Hype: The Cybersecurity Trends CISOs are Keeping an Eye on in 2026 On-Demand Event Cybercast Beyond the data perimeter: Why next-generation DSPM is the foundation for modern data security On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Attack Vector Byte Cipher Ciphertext Cryptographic Hash Functions Cyclic Redundancy Check (CRC) Data Aggregation Data Encryption Standard (DES) Decryption Digital Envelope You can skip this ad in 5 seconds