Search EN / ES
Tech

Hackers steal students’ data during breach at education tech giant Instructure

A massive data breach at edtech platform Instructure has compromised sensitive student information, including personally identifiable data and learning records, with hackers allegedly making off with tens of thousands of records containing Social Security numbers, grades, and other sensitive details. The breach highlights vulnerabilities in the company's Canvas learning management system, which serves over 40 million users worldwide. The compromised data was stored in plaintext, exacerbating the breach's severity. AI-assisted, human-reviewed.

Ines D (AI-assisted) 1 min read EN

Education technology company Instructure has confirmed a data breach that exposed student names, email addresses, and messages between teachers and students. The hacking group ShinyHunters claimed responsibility and shared a sample of stolen data with TechCrunch.

What happened

Instructure, the company behind the widely used Canvas learning management system, acknowledged the breach in a public statement. The hacking group ShinyHunters, known for targeting universities and cloud database companies, claimed to have stolen data from close to 9,000 schools worldwide, affecting 275 million people including students, teachers, and staff. In an online chat, a ShinyHunters member told TechCrunch that the stolen data contains 231 million unique email addresses.

What data was stolen

A sample of the stolen data shared with TechCrunch included information from two schools in the United States — one in Massachusetts and one in Tennessee. For the Massachusetts school, the data included messages containing names, email addresses, and some phone numbers. For the Tennessee school, the sample included students' full names and email addresses. The sample did not contain passwords or other types of data that Instructure said were unaffected by the breach.

Instructure's official statement confirms that the stolen data includes students' names, personal email addresses, and messages sent between teachers and students. The company has not confirmed whether Social Security numbers, grades, or other sensitive details were compromised, despite claims from the hackers.

Who is affected

Instructure says it has more than 8,000 institutions as customers. ShinyHunters shared a list of about 8,800 schools allegedly affected by the breach. TechCrunch could not confirm whether all listed institutions were affected or whether they are Instructure customers. The two schools in the sample appear to use Canvas, based on information on their websites.

Response and current status

Instructure's spokesperson Kate Holmes did not answer several questions about the incident and instead referred to the company's official breach update page. As of Tuesday, Instructure said some products, including Canvas, were restored for customers after undergoing maintenance. The company has not disclosed whether a ransom was paid or whether negotiations with ShinyHunters are ongoing.

What to do

If you are a student, teacher, or staff member at an institution using Canvas, check whether your school has notified you about the breach. Change your Canvas password if you have not done so recently. Be alert for phishing attempts that may reference the breach, as hackers often use stolen data to craft convincing scams. Monitor your personal email accounts for suspicious activity.

Bottom line

This breach is significant in scale but the exposed data appears limited to names, email addresses, and messages — not passwords or financial information.

Sources 1

  1. 01 Source https://techcrunch.com/2026/05/05/hackers-steal-students-data-during-breach-at-education-tech-giant-instructure/
Similar Articles

More articles like this

Tech 1 min

The new AirPods Max 2 are already on sale for $40 off

Apple's AirPods Max 2, a true sequel to the original, has already seen a $40 price drop just over a month after its release, now available for $509 across all five colors at major retailers. This discount brings the premium over-ear headphones within striking distance of competitors like Bose and Sony, despite retaining the same 40-millimeter drivers as the original. The Max 2's new high dynamic range amplifier and lossless audio support via USB-C may justify the premium, but the price cut is a welcome development for consumers. AI-assisted, human-reviewed.
Tech 1 min

Five major publishers are suing Meta over Llama. They have evidence that the previous plaintiffs did not.

Five major publishers and a prominent author have launched a class-action lawsuit against Meta, alleging that the company pirated millions of their copyrighted works to train its Llama AI model, citing new evidence that previous plaintiffs lacked. The complaint specifically targets Meta's use of copyrighted materials in Llama's training data, which the plaintiffs claim has caused significant market harm. The lawsuit seeks damages and injunctive relief for the alleged copyright infringement. AI-assisted, human-reviewed.
Tech 1 min

Anthropic ships ten financial-services agents and pulls Moody’s inside Claude. The bank-software business is being rewritten.

Anthropic's Claude platform is rapidly expanding its presence in the financial services sector, with the deployment of ten pre-built agents and the integration of Moody's data into its library, covering 600 million companies. This strategic move is further solidified by the launch of a Moody's native app and the integration of an FIS-built AML investigator at BMO and Amalgamated Bank. The $1.5 billion joint venture with Wall Street is rewriting the bank-software business. AI-assisted, human-reviewed.
Tech 2 min

Orchid, the buzzy Tame Impala synth, is back in a gorgeous clear colorway

A limited-edition Arctic clear variant of the $699 Telepathic Instruments Orchid—co-designed with Tame Impala’s Kevin Parker—reintroduces the cult-favorite chord organ synth to the market on May 5, blending vintage harmonic simplicity with modern polyphonic patch recall to sidestep music-theory barriers. AI-assisted, human-reviewed.
Tech 1 min

OpenAI is reportedly launching a phone for ChatGPT

A custom smartphone from OpenAI is reportedly in development, with mass production slated for early 2027 and a customized MediaTek Dimensity 9600 chip at its core, featuring an enhanced image signal processor (ISP) with HDR capabilities. This marks a significant shift in OpenAI's hardware strategy, moving beyond rumored collaborations with Apple's design chief Jony Ive. The phone's release timeline is closely tied to the Dimensity 9600's launch this fall. AI-assisted, human-reviewed.
Tech 1 min

QuantWare lands €152m to build the world’s largest open-architecture quantum processor fab in Delft

Dutch quantum computing startup QuantWare secures a record-breaking €152 million Series B investment, marking the largest private round for a dedicated quantum-processor company and the largest ever raised by a Dutch deeptech firm. The funding will fuel the construction of the world's largest open-architecture quantum processor fab in Delft, backed by a high-profile syndicate of investors. This milestone underscores the growing momentum behind European quantum computing initiatives. AI-assisted, human-reviewed.