[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fORU08bEN59h_Prf2kMDIdPhSItdmKQm_3d_NjMtecg8":3},{"article":4,"iocs":41},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":30,"category":31,"article_tags":35},"07ebe13f-3903-4f80-a85f-1c58f93acbe4","ShinyHunters claims nearly 9,000 schools affected by Canvas data breach","shinyhunters-claims-nearly-9-000-schools-affected-by-canvas-data-breach-602238","The group that stole data from Instructure users claims that it will release the data of students from nearly 9,000 education institutions around the country. The post ShinyHunters claims nearly 9,000 schools affected by Canvas data breach appeared first on CyberScoop.","ShinyHunters, a prolific extortion group, claims to have breached Instructure's Canvas learning management system, exfiltrating data from nearly 9,000 educational institutions and 275 million users. The group initially announced the breach on May 1 and set extortion deadlines, claiming Instructure ignored negotiation attempts and only issued security patches in response. Affected institutions include major universities such as Harvard, MIT, Cambridge, Columbia, and Cornell; exposed data reportedly includes names, email addresses, student IDs, and user communications, but not passwords or financial information.","ShinyHunters claims Canvas LMS breach affecting 9,000 schools; extorts Instructure for payment.","ShinyHunters, the prolific criminal hacker and extortion group, on Thursday provided additional details about its recent breach of Canvas, the learning management system developed by Instructure, with hopes of coaxing payments from some of the nearly 9,000 educational institutions it claims are affected. After announcing on May 1 that it had exfiltrated several terabytes of data containing the personal information of 275 million users, it announced a deadline of Thursday before “everything is leaked and there will be no chance at a negociation for anyone. Instructure has not even bothered speaking to us to understand the situation or to even negociate with us to prevent the release of this data. Our demand was not even as high as you might think it is.” On Thursday, the group presented to Canvas users a second message and extended the deadline for payment until May 12. “ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches’,” the note reads. The group advised affected schools to consult security professionals and use the Tox messaging protocol to negotiate a “settlement.” The attached list of affected institutions includes many school districts, along with well-known universities, including Cambridge, Columbia, Cornell, Georgetown, Harvard, MIT and UC Berkeley. There are mixed reports of exactly which organizations are affected and what sort of data is included in the breach. Tech Radar reported that affected data includes names, email addresses, student ID numbers and user communications, but that passwords, dates of birth and financial information were not involved. Share Facebook LinkedIn Twitter Copy Link","https:\u002F\u002Fedscoop.com\u002Fshinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach\u002F","https:\u002F\u002Fedscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F4\u002F2026\u002F05\u002FGettyImages-2227049611.jpg","2026-05-08T13:29:45+00:00","2026-05-08T14:00:27.551082+00:00",9,[18,21,24,27],{"name":19,"type":20},"ShinyHunters","threat_actor",{"name":22,"type":23},"Instructure","vendor",{"name":25,"type":26},"Canvas","product",{"name":28,"type":29},"Tox messaging protocol","technology","2e06f76c-d5b9-4f54-9eef-4d3447b10730",{"id":30,"icon":32,"name":33,"slug":34},null,"Breaches","breaches",[36],{"category":37},{"id":38,"icon":32,"name":39,"slug":40},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[42],{"type":43,"value":19,"context":44},"malware","Prolific criminal hacker and extortion group responsible for Canvas\u002FInstructure breach"]