Instructure Canvas LMS ShinyHunters breach (2026)
ShinyHunters exploited Canvas's Free-For-Teacher account programme to exfiltrate 3.65 TB of data spanning approximately 275 million users across nearly 9,000 schools — names, email addresses, student IDs, and some private messages between students and teachers. Instructure reportedly paid the ransom and the data was destroyed.
- Victim
- Instructure (Canvas LMS)
- Loss
- $10.0M
- Records
- 275.0M