Instructure data breach has exposed sensitive student information, putting many institutions at risk. This cyberattack has raised concerns about privacy in the education sector.

Instructure data breach

The hacking group ShinyHunters claimed responsibility for the Instructure data breach. They allege stealing names, email addresses, and messages between teachers and students.

Additionally, the stolen information matches what Instructure said was compromised. However, the data shared so far does not include passwords or other unaffected types.

A sample of data from two U.S. schools was reviewed by TechCrunch. Therefore, this sample confirms that names, emails, and phone numbers were part of the Instructure data breach.

Furthermore, ShinyHunters released a list of nearly 8,800 schools allegedly involved in the Instructure data breach. TechCrunch could not verify the full extent, since only some schools are confirmed Canvas users.

Instructure has more than 8,000 customer institutions, according to its official information. Consequently, spokesperson Kate Holmes directed questions to the company’s status page, where updates about the Instructure data breach are published.

On the ShinyHunters data leak site, hackers claimed up to 9,000 schools and 275 million people are affected. However, such groups may exaggerate to attract media attention.

As of Tuesday, Instructure reported restoration of some products like Canvas after maintenance, according to the original source.

Tags: Instructure data breach, education data leak, student data security, ShinyHunters cyberattack, Canvas breach, school cybersecurity incident, educational privacy breach, hackers steal student information