Instructure Investigates Cybersecurity Incident Impacting Canvas Learning Platform
**Instructure**, the company behind the widely used **Canvas** learning platform, has disclosed a recent cybersecurity incident and is actively investigating its scope and impact. The company is working with forensics experts to understand the incident and minimize its impact, promising transparency throughout the process.

**Instructure**, a leading education technology company known for its **Canvas** learning management system (LMS), is currently dealing with a cybersecurity incident.
### Incident Details
"Instructure recently experienced a cybersecurity incident perpetrated by a criminal threat actor. We are actively investigating this incident with the help of outside forensics experts," stated Steve Proud, Chief Security Officer of **Instructure**.
The company is focusing on understanding the extent of the intrusion and taking steps to minimize any potential fallout. **Instructure** has emphasized its commitment to transparency and will provide updates as the investigation progresses.
### Service Disruptions
Since May 1st, certain services, including **Canvas Data 2** and **Canvas Beta**, have been under maintenance. Customers have been warned that they may experience issues with tools relying on API keys. While **Instructure** hasn't explicitly linked this maintenance to the security incident, the timing raises questions.
**BleepingComputer** reached out to **Instructure** for further details but has not yet received a response.
### Education Sector Under Attack
Education technology firms are increasingly becoming targets for malicious actors due to the vast amounts of personal information they hold on students and teachers. This incident follows a concerning trend of attacks targeting educational institutions and related services.
In January 2025, **PowerSchool** disclosed a significant data breach affecting 62 million students. In September 2025, **Instructure** itself disclosed a separate breach stemming from a social engineering attack targeting its **Salesforce** instance. The threat actor **ShinyHunters** claimed responsibility for that incident and listed **Instructure** on a data leak site.
**Infinite Campus** has also been targeted in similar campaigns, with claims of data exfiltration from its **Salesforce** environment.
