UK Cybercrime Journal: British Universities Struck by ShinyHunters Before Exam Season

On 3 May 2026 the ShinyHunters collective claimed to have breached Instructure (Canvas LMS), exfiltrating ~3.65 TB of data covering about 275 million records across up to 9,000 institutions, then issued extortion demands and defaced ~330 institution login portals; Instructure confirmed names, student IDs, emails, and private messages were exposed, that a Free‑for‑Teacher account creation vulnerability was exploited, and reported reaching an agreement with the actor to prevent public release of the data.