ShinyHunters Claim Instructure Data Breach: Millions of Student and Teacher Records Potentially Exposed
**Instructure**, the company behind the widely used **Canvas** learning management system, has confirmed a data breach following claims by the **ShinyHunters** extortion group. The attackers claim to have stolen over 240 million records containing personal information of students, teachers, and staff from nearly 9,000 schools worldwide.

**Instructure**, a prominent U.S.-based education technology company known for its **Canvas** learning management system (LMS), is grappling with the aftermath of a confirmed cyberattack. The **ShinyHunters** extortion group has claimed responsibility, adding the company to their data leak site.
### Incident Disclosure
On Friday, **Instructure** publicly disclosed a cybersecurity incident and stated they are collaborating with third-party cybersecurity experts and law enforcement to investigate the breach. An update on Saturday revealed that personal information of users was exposed.
"While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users," the company stated. They added that, currently, there is no evidence of compromised passwords, dates of birth, government identifiers, or financial information. Impacted institutions will be notified if this changes.
### Mitigation Steps
In response to the breach, **Instructure** has deployed patches, enhanced monitoring, and rotated application keys as a precautionary measure. Customers are now required to re-authorize access to **Instructure's** API to obtain new application keys.
### ShinyHunters' Claims
While **Instructure** has not yet commented on the timing of the breach or potential extortion attempts, **ShinyHunters** has listed the company on their data leak site, claiming:
"Nearly 9,000 schools worldwide affected. 275 million individuals data ranging from students, teachers, and other staff containing PII.
Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved."

**ShinyHunters** alleges that the data was exfiltrated via a now-patched vulnerability in **Instructure's** systems. The stolen data purportedly includes over 240 million records pertaining to students, teachers, and staff, encompassing students' names, email addresses, enrolled courses, and private messages to teachers.
The threat actor claims the compromised dataset spans almost 15,000 institutions across North America, Europe, and the Asia-Pacific region.
BleepingComputer has been unable to independently verify the extent of the breach or the specific institutions affected and has reached out to **Instructure** for further clarification regarding **ShinyHunters'** claims.