Canvas Data Breach: Over 9,000 Educational Institutions Affected Worldwide
Canvas Data Breach: Over 9,000 Educational Institutions Affected Worldwide
The Canvas learning management system (LMS), one of the most widely used education platforms in the world, has become the target of a large-scale cyberattack — triggering a surge in searches across multiple countries. According to Kiolix Pulse data, current search volumes are as follows:
| Country | Search Volume |
|---|---|
| 🇺🇸 United States | 200,000+ |
| 🇬🇧 United Kingdom | 5,000+ |
| 🇦🇺 Australia | 2,000+ |
| 🇨🇦 Canada | 2,000+ |
| 🇲🇽 Mexico | 2,000+ |
| 🇧🇷 Brazil | 1,000+ |
| 🇪🇸 Spain | 500+ |
Search interest is highest in the United States, where Canvas is used by approximately 41% of higher education institutions in North America.
What Happened
Instructure Holdings, the US-based education technology company behind Canvas LMS, detected a cyberattack on its cloud-hosted environment on April 30, 2026. The company publicly confirmed the breach on May 1, taking parts of its service offline — including Canvas Data 2 and Canvas Beta — while working to contain the damage. API keys were compromised in the process, disrupting third-party integrations that rely on those keys to function.
The criminal extortion group ShinyHunters claimed responsibility for the attack. On its dark web leak site, the group alleged it had stolen more than 3.65 terabytes of data from nearly 9,000 educational institutions worldwide, affecting up to 275 million individuals. Instructure has not independently confirmed the 275 million figure.
What Data Was Exposed
Instructure's Chief Information Security Officer Steve Proud confirmed that the following categories of data were accessed:
- Full names, email addresses, and student ID numbers
- Private messages exchanged between users within the Canvas platform
Proud stated there is no evidence that passwords, dates of birth, government identifiers, or financial information were involved. However, the sensitivity of Canvas messages compounds the concern — the platform is routinely used by students to disclose medical and mental health information to academic advisers, request accommodations, and communicate with Title IX advocates.
ShinyHunters has further claimed possession of several billion private messages, threatening to release the full dataset unless a ransom is paid.
Affected Institutions
ShinyHunters published a list of approximately 8,809 affected educational institutions spanning at least 10 countries. Among those named are Harvard University, MIT, and Oxford University. Corporate clients including Amazon, Apple, and Cisco also appeared on the list, suggesting the platform was used for employee training purposes.
In Australia, the impact has been confirmed at multiple institutions. The Queensland Department of Education acknowledged that names, email addresses, and school location data of students and staff who used Canvas since 2020 were compromised. Queensland's education minister stated that anyone who used Canvas over at least the past six years could be affected. TasTAFE in Tasmania also confirmed that student data was accessed. The University of Technology Sydney (UTS), the University of Sydney, the University of Melbourne, Flinders University, and RMIT are among those actively investigating their exposure.
In Canada, the University of Toronto (UofT) has been frequently cited in connection with the breach, driving a notable spike in related searches.
ShinyHunters: A Repeat Offender
This is Instructure's second confirmed breach in approximately eight months. In September 2025, the same ShinyHunters group carried out a social engineering attack against the company's Salesforce environment.
ShinyHunters built its reputation by stealing and selling data on dark web forums. Security researchers link the group to a broader cybercrime network alongside Scattered Spider and LAPSUS$, with overlapping membership rooted in a youth cybercrime subculture known as "The Com." In 2026 alone, the group has been tied to attacks on Ticketmaster, the University of Pennsylvania, Princeton University, Amtrak, fintech lender Figure, and the school software firm Infinite Campus — where 11 million students were reportedly compromised in March.
Timeline of Events
| Date | Development |
|---|---|
| April 30, 2026 | Instructure detects intrusion in its cloud environment |
| May 1, 2026 | Breach publicly confirmed; Canvas Data 2 and Canvas Beta taken offline |
| May 2, 2026 | Instructure announces incident is believed to be contained; some user data confirmed accessed |
| May 3, 2026 | ShinyHunters lists Instructure on dark web leak site; list of ~8,800 affected institutions published |
| May 5, 2026 | Canvas Data 2 restored for most customers; TasTAFE confirms student data compromised |
| May 6, 2026 | Queensland government publicly confirms tens of thousands of students and staff affected; initial ransom deadline expires |
| May 7, 2026 | Hackers deface login pages of several institutions; deadline extended to May 12 |
What Users Should Do
Security experts recommend the following steps for Canvas users:
- Change your Canvas password immediately, and update any other accounts where the same password is used
- Be alert to phishing emails or messages appearing to come from Canvas or your institution — particularly those requesting login credentials or prompting you to click a link
- Do not act on unsolicited communications; go directly to your institution's official website for verified updates
- Notify your institution's IT department or data protection officer if you have not yet received an official notification
Sources
- WCNC: Hackers breach Canvas learning platform
- Cybernews: Canvas breach? Hackers threaten to leak messages of 275M users
- TechCrunch: Hackers steal students' data during breach at education tech giant Instructure
- TechCrunch: Hackers deface school login pages after claiming another Instructure hack
- Hackread: ShinyHunters' Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users
- PhishByte: Australian Schools and Universities Hit by Global Canvas Data Breach
- Times Higher Education: Personalised phishing attacks likely after global Canvas hack
- Insurance Business Australia: Major cyber breach hits Australian schools
- TechRadar: Top universities among victims named in Canvas data breach
Kiolix Pulse Trend Data
Real-time search trend data for this topic by country is available on Kiolix Pulse (https://trend-now.org):
- 🇺🇸 United States: https://trend-now.org/google-search-trends/us/canvas
- 🇦🇺 Australia: https://trend-now.org/google-search-trends/au/canvas
- 🇧🇷 Brazil: https://trend-now.org/google-search-trends/br/canvas
- 🇨🇦 Canada: https://trend-now.org/google-search-trends/ca/canvas
- 🇪🇸 Spain: https://trend-now.org/google-search-trends/es/canvas
- 🇬🇧 United Kingdom: https://trend-now.org/google-search-trends/gb/canvas
- 🇲🇽 Mexico: https://trend-now.org/google-search-trends/mx/canvas
iOS App Download: https://apps.apple.com/app/id6763566796
Android App Download: https://play.google.com/store/apps/details?id=com.daolix.kiolix.pulse
Comments
Post a Comment