Canvas Breach Exposes 275M Records, Highlights Vendor Risk

Canvas Online Learning Platform Shut Down for Hours After Cyberattack Canvas, a platform used by over 8,000 universities and K-12 schools for course websites, assignments and communication, shut down for several hours on Thursday. A hacking group claimed responsibility for a data breach affecting the company that owns the platform, jeopardizing the personal data of millions of students and teachers. ShinyHunters, the hacking group that claimed responsibility for the Instructure data breach, said it had accessed data from more than 275 million people across nearly 9,000 schools, according to a ransom letter shared on May 3 by Ransomware.live, which monitors ransomware groups. An email shared with students at Barnard College in New York said the outage had appeared to be “the result of a previous cyberattack on Instructure.” Instructure disclosed on May 1 that it had experienced a “cybersecurity incident perpetrated by a criminal threat actor.” Steve Proud, Instructure’s chief information security officer, said the company had enlisted forensics experts to minimize the impact of the breach. Most users regained access to the platform hours after a hacking group said it had attacked Canvas’s parent company and breached 275 million people’s data. #cyber #breach #security #schoolsystem #Canvas https://lnkd.in/eraF9bUH

Security Managent here just blows my mind. Sadly it usually takes a breach on one's attack surface for the entity attacked invests money to prevent such external vulnerabilities. As noted in story ..... " "The group said it had breached Instructure “again” after the company failed to contact it to resolve its security issue. Instead, the group claimed that Instructure “ignored us and did some ‘security patches.’” Sounds like port scanners , so old school. Look until people start going on 'Active Offensive' for discovery, the bad guys will have an edge. Here even with a knock across the face, they ignored what was available to help. Canvas Online Learning Platform Shut Down for Hours After Cyberattack https://lnkd.in/d_qXx--i

A ransomware group just breached a cybersecurity vendor. Let that sink in. RansomHouse claimed access to a portion of Trellix's source code repository on April 17. Trellix confirmed the intrusion and says there's no evidence the software distribution pipeline was affected, but the investigation is ongoing and the full scope hasn't been confirmed. That was last week. This week, ShinyHunters breached Instructure, the company behind Canvas, claiming access to data from nearly 9,000 schools worldwide — hitting during finals season, with billions of private messages and records reportedly accessed. Wikipedia Two major breaches. Two weeks. Two different industries. The threat actors aren't slowing down. A cybersecurity vendor and an edtech platform used by millions of students both got hit in the same month. No sector is off limits. This is the time of the year that threat actors get busy. Why? You are going on summer vacations, and they know that! If your security posture still assumes the perimeter holds, these are the weeks that should change that conversation. #cybersecurity #datasecurity #threatintelligence #CISO #databreach Worth a proactive conversation before they ask you about it. https://lnkd.in/gUax_eWJ https://lnkd.in/gEeUzh9h #cybersecurity #datasecurity #DLP #threatintelligence #CISO

The alleged ShinyHunters breach targeting Canvas reportedly impacted nearly 9,000 schools and exposed data tied to up to 275 million users globally. Finals week. AP exams. Peak operational dependency. This is the new reality: identity and SaaS platforms have become critical infrastructure. When they fail, operational disruption follows at scale. Cybersecurity is no longer just about protecting systems, it’s about maintaining continuity. https://lnkd.in/eTRRnRx7

Was your school impacted by the recent Canva security incident? The attack breached 275 million people’s data. Cyber threats targeting education continue to grow, and many schools are realizing just how important layered security and proactive monitoring have become. Check out the recent New York Times article below for more on the attack and what it means for schools and IT teams. https://lnkd.in/gEJDtY7d

ShinyHunters vs. Canvas: 275 Million Identities Held for Ransom On May 7, 2026, 9,000 schools including Harvard and Michigan hit a wall. As students logged in for final exams, the Canvas platform went dark. Instructure had attempted to patch a previous security flaw, but the digital gates were already kicked open. This catastrophic failure highlights a critical third-party risk: when a single vendor falters, the entire educational supply chain collapses. The hacking group ShinyHunters claimed total victory. They allegedly seized data from 275 million users, including names, IDs, and billions of private messages. Because schools rely on this external partner to host sensitive information, they were left powerless as hackers posted ransom notes on login pages, threatening a massive data leak by May 12. Managing vendor risk is no longer optional; it is a requirement for survival. Organizations must act now to contain the fallout: • Audit the Supply Chain: Move beyond trust by requiring continuous security validation and "right to audit" clauses in vendor contracts. • Security Hardening: Enforce strict Multi-Factor Authentication (MFA) and zero-trust access for all third-party integrations. In a world where hackers can hold an entire semester hostage, a school’s resilience is measured by its preparation, not just its patches. By aggressively managing third-party risks and hardening digital borders today, institutions can transform a catastrophic breach into a blueprint for a more secure, unshakeable future.

REALTIME Canvas breech by ShinyHunters — the same criminal extortion group behind breaches at Ticketmaster, Google, and multiple universities claiming responsibility - At Abnormal AI we are not only concerned for the breach itself, but especially downstream for the next days/weeks/months/years as this Instructure breech has exposed names, email addresses, student IDs, inter-user messages across thousands of institutions (estimating ~9,000 institutions and 41% of higher ed for scale)— we are expecting a significant uptick in phishing campaigns leveraging this data. Likely vectors they will be attacking: - Lures impersonating Instructure / Canvas support, breach notification, or "reset your password" workflows. - Lures impersonating University IT or instructors using the leaked name/email/student ID combinations to add legitimacy. - Longer-tail credential harvesting and BEC pivots once the data is fully leaked. - Targeting of faculty/admin accounts using student-context pretexts pulled from leaked message content. Abnormal AI can help!!!! https://lnkd.in/gPSFDwHH #CityGovernment #LocalGovernment #EmailSecurity #Cybersecurity #CountyGovernment #LocalGovernment #EmailSecurity #SecurityOperations #StateGovernment #SLED #EmailSecurity #Cybersecurity #K12Education #EmailSecurity #Microsoft365 #Cybersecurity #HigherEducation #EmailSecurity #GoogleWorkspace #SecurityOperations #Microsoft365 #EmailSecurity #Cybersecurity #Education #CommunityCollege #AbnormalSecurity #abnormalAI

Cyber threats are no longer something that only affect large corporations. The recent Canvas-related cyber incident impacting over 9,000 schools and hundreds of millions of student records is another reminder that no organization is immune. Educational institutions, healthcare providers, manufacturers, small businesses — everyone is a target. The question is no longer if an attack will happen. It’s whether your business is prepared when it does. Too many organizations still rely on reactive security measures, outdated infrastructure, or fragmented solutions that leave gaps attackers can exploit. Cybersecurity requires a layered, multifaceted approach that combines connectivity, visibility, protection, and rapid response. At Vyve Broadband, we help businesses strengthen their defenses with a robust portfolio of solutions including: • Managed Firewall & Network Security • Cisco Meraki Cloud-Managed Security • Secure Fiber Connectivity • UC & Collaboration Solutions • Managed Wi-Fi & Network Monitoring • End Point Protection • Business Continuity & Reliability Solutions Don’t let your company become the next headline. Investing in cybersecurity is no longer optional — it’s foundational to protecting your customers, employees, and reputation. #CyberSecurity #ManagedServices #FiberInternet #CiscoMeraki #BusinessSecurity #TechnologySolutions #MSP #CyberAwareness #VyveBroadband

Instructure, the company behind Canvas, is dealing with a major cyber incident impacting 8000+ k-12 schools and universities nationwide. When platforms become deeply embedded into everyday workflows, the responsibility around identity, authentication, and data isolation grows significantly, especially when students are involved. For payments and fintech, the broader lesson is resilience and dependency planning as more infrastructure centralizes onto shared platforms. For payments and fintech, the lesson is not just cybersecurity. It is resilience, authentication, vendor concentration, and isolation of critical systems. How are you thinking about dependency risk as more infrastructure consolidates onto shared platforms? #Cybersecurity #Payments #Fintech #RiskManagement

“ Instructure , the #edtech giant behind the widely popular #Canvas #learningManagementSystem (#LMS), has reached an "agreement" with the ShinyHunters #extortion group to prevent the data stolen in a recent #breach from being leaked online. The company says over 30 million educators and students use its Canvas platform across more than 8,000 schools and universities worldwide” https://lnkd.in/e6tRAYAb