## Instructure Confirms Data Breach **Instructure** initially reported a cybersecurity incident on Friday night, prompting an immediate investigation. By Saturday, Chief Information Security Officer Steve Proud confirmed that attackers had gained unauthorized access to user information, including names, email addresses, student ID numbers, and user messages. Proud stated that the incident was contained with the assistance of cybersecurity experts. Containment measures included revoking privileged credentials and access tokens, as well as deploying security patches. However, some of these measures temporarily disrupted services for customers. Notably, **Instructure** asserted that no financial information, passwords, or government documents were compromised during the attack. ## ShinyHunters Claims Responsibility The **ShinyHunters** group claimed responsibility for the attack on Sunday, alleging the theft of 3.6 TB of data from over 9,000 schools. **Instructure** has not yet commented on the validity of these claims. This is not the first time **Instructure** has been targeted by **ShinyHunters**. The company was previously attacked in September as part of a broader campaign targeting data storage platforms. ## A Pattern of Attacks The **ShinyHunters** group has been increasingly active, with recent attacks targeting several high-profile organizations, including **ADT**, **McGraw Hill**, and **Rockstar**. They have also previously targeted educational institutions such as **Harvard** and the **University of Pennsylvania**. ## The Growing Threat to Educational Data This incident highlights the growing threat to educational data held by third-party companies. In January 2025, **PowerSchool** suffered a significant breach that exposed sensitive data of millions of students and teachers. That breach, which included sensitive information such as special education status and mental health details, has resulted in multiple lawsuits alleging inadequate cybersecurity practices.