[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTYzYzT6e1o1fWOCbOdO4aO2hwkaN5nzf_f7JDB7d_kc":3},{"article":4,"iocs":51},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":30,"category":31,"article_tags":35},"c62ff6aa-7dd6-4c35-92b3-b23dad7f70b0","Government to Scrutinize Instructure Over Canvas Disruption, Data Breach","government-to-scrutinize-instructure-over-canvas-disruption-data-breach-6de7bf","The Committee on Homeland Security has requested to be briefed on the incident and Instructure’s remediation steps. The post Government to Scrutinize Instructure Over Canvas Disruption, Data Breach appeared first on SecurityWeek.","The US House Committee on Homeland Security has requested a briefing from Instructure following cyberattacks on its Canvas learning platform in late April and early May. ShinyHunters claimed responsibility for stealing 3.65 terabytes of data affecting approximately 275 million students, teachers, and staff across 9,000 education institutions, with the disruption impacting universities and school districts across 11 states. Instructure has stated the incident is contained and negotiated the return and deletion of stolen data, though it temporarily shut down Free-For-Teacher accounts due to security issues that were exploited in both intrusions.","US House Committee demands briefing on Instructure Canvas data breach affecting 275M individuals","The US House Committee on Homeland Security has asked Instructure to provide details on the recent cyberattacks that disrupted its broadly used online learning system Canvas. An initial intrusion on April 29 was blamed for the disruption of tools relying on API keys. The education technology company restored the services by May 3, but took them offline again on May 7, after the hackers returned and defaced school login portals. The attack was claimed by the notorious extortion group ShinyHunters, which allegedly stole 3.65 terabytes of data, including the personal information of 275 million students, teachers, and other individuals at approximately 9,000 education institutions. This week, Instructure revealed that it struck a deal to have the stolen data returned and erased from the hackers’ servers. It also noted that an issue with its Free-For-Teacher accounts was exploited in both intrusions and that the incident has been fully contained. “As a result, we have made the difficult decision to temporarily shut down Free-For-Teacher accounts. These accounts have been a core part of our platform, and we’re committed to resolving the issues with these accounts,” the company said on Monday. Now, the Committee on Homeland Security is summoning Instructure to a briefing, demanding answers on how the intrusion occurred, what types of data were affected, and how the company resolved the attack. Advertisement. Scroll to continue reading. “The briefing should address the circumstances of both intrusions, the nature and volume of data accessed, the steps Instructure has taken and is taking to contain the threat and notify affected institutions, and the adequacy of the company’s coordination with federal law enforcement and CISA,” the Committee told Instructure in a letter (PDF) this week. “The Committee takes seriously both the harm to students and educational institutions caused by this incident and the broader implications for how the educational technology sector manages and discloses cybersecurity risks,” the letter reads. According to the Committee, the May 7 disruption impacted universities and school districts across 11 states, and ShinyHunters’ past attacks against Ticketmaster, AT&T, and various educational institutions are evidence of the threat it poses. “With students at more than 8,000 institutions navigating final examinations and end-of-semester deadlines, the disruption of a platform that Instructure itself describes as serving more than 30 million active users globally is a matter of national concern,” the letter reads. Related: 716,000 Impacted by OpenLoop Health Data Breach Related: BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months Related: West Pharmaceutical Services Hit by Disruptive Ransomware Attack Related: SailPoint Discloses GitHub Repository Hack Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker BypassOver 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain AttackGitHub Confirms Hack Impacting 3,800 Internal RepositoriesVerizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach VectorUnpatched ChromaDB Vulnerability Can Lead to Server TakeoverB1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards201 Arrested in Crackdown on Cybercrime in Middle East, North AfricaPoC Released for DirtyDecrypt Linux Kernel Vulnerability Latest News Cisco Patches Critical Vulnerability in Secure WorkloadOcean Emerges From Stealth With $28M for Agentic Email Security PlatformApple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud PreventionDrupal Patches Highly Critical Vulnerability Exposing Websites to HackingSocket Raises $60 Million at $1 Billion ValuationMicrosoft Patches Exploited UnDefend and RedSun Defender Zero-DaysGoogle’s Surge in Chrome Vulnerability Discoveries Likely Driven by AISupply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register Webinar: Third-Party Risk in Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register People on the MoveJoe Chen has become Chief Technology Officer at Trellix.Usercentrics has named Pawan Hegde as COO and Elena Ignatova as CPTO.SecureAuth has named Mark van Oppen as Chief Revenue Officer.More People On The MoveExpert Insights Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Cyber Resilience is the New Business Continuity Plan The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin) Enhancing Data Center Security Without Sacrificing Performance For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael) Is the SOC Obsolete, and We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Fgovernment-to-scrutinize-instructure-on-canvas-disruption-data-breach\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F07\u002Fplead-guilty-hacker-court.jpeg","2026-05-13T12:13:14+00:00","2026-05-13T14:00:10.735209+00:00",8,[18,21,24,27],{"name":19,"type":20},"Canvas","product",{"name":22,"type":23},"Instructure","vendor",{"name":25,"type":26},"ShinyHunters","threat_actor",{"name":28,"type":29},"API keys","technology","2e06f76c-d5b9-4f54-9eef-4d3447b10730",{"id":30,"icon":32,"name":33,"slug":34},null,"Breaches","breaches",[36,41,46],{"category":37},{"id":38,"icon":32,"name":39,"slug":40},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":42},{"id":43,"icon":32,"name":44,"slug":45},"c5c77cdb-f7d7-4990-9436-c81dcbff1163","Policy","policy",{"category":47},{"id":48,"icon":32,"name":49,"slug":50},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[52],{"type":53,"value":25,"context":54},"malware","Threat actor group claiming responsibility for Canvas data breach and extortion"]