Major Instructure Data Breach Exposes Student Information

Hackers stole private student data in a breach recently disclosed by EdTech firm Instructure.

Education technology leader Instructure disclosed a significant cybersecurity breach on May 1, 2026. The company, known for its Canvas learning management platform serving over 8,000 institutions worldwide, stated that hackers accessed student names, email addresses, student ID numbers, and messages exchanged among users.

Cybercriminal group ShinyHunters took credit, alleging theft of 3.65 terabytes of data impacting around 275 million people across 9,000 institutions. These figures haven’t yet been independently verified.

Instructure’s Chief Information Security Officer, Steve Proud, said, “We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact.” He stressed that “no evidence” was found of password, financial, or government ID exposure. (Instructure Status Page)

This marks the second notable security incident for Instructure within a year. In September 2025, the company reported unauthorized access to its Salesforce environment, raising red flags about ongoing data protection challenges. (Security Boulevard)

• Data in question: Although passwords and financial data remain secure per the company’s investigation, the exposure of academic and personal identifiers presents lasting risks for students and educators.
• Sector impact: The breach is expected to trigger comprehensive security and legal reviews across educational institutions and EdTech vendors.

Full details of the breach method and affected institutions remain under investigation.

Yes, but: The full extent of the breach and ShinyHunters' claims remain unverified, and details on breach methods are unclear.

What's next: Instructure’s investigation continues as institutions await further details and breach impact assessments.