ShinyHunters Claims Canvas Breach Affects 9,000 Schools, Demands Payment

ShinyHunters, a prolific criminal hacker and extortion group, claims to have breached Instructure’s Canvas learning management system, affecting nearly 9,000 educational institutions. CyberScoop reports the group exfiltrated several terabytes of data containing personal information from 275 million users. Initially setting a May 1 deadline for negotiations, ShinyHunters extended it to May 12 after Instructure reportedly failed to engage.

The group is now directly advising affected schools to seek security professionals and negotiate a “settlement” via the Tox messaging protocol. CyberScoop highlighted that the list of affected institutions includes numerous school districts and prominent universities such as Cambridge, Columbia, Cornell, Georgetown, Harvard, MIT, and UC Berkeley, among others. This incident marks what ShinyHunters claims is a repeat breach of Instructure’s systems.

This isn’t just a data dump; it’s a targeted extortion campaign against the institutions themselves. ShinyHunters’ direct outreach to schools, bypassing Instructure, signals a calculated move to maximize pressure and payouts. Their claim of Instructure’s inaction, whether true or not, is designed to erode trust and push schools to pay up.