Instructure Breach Exposes Schools' Vendor Dependence

Instructure's Canvas LMS was breached and ShinyHunters claims to have exfiltrated ~3.65 TB of data affecting roughly 275 million users across about 9,000 institutions; exposed data reportedly includes names, emails, student IDs, and private messages. Instructure engaged forensics, revoked credentials, patched systems, and rotated keys while warning that stolen messages and identifiers enable phishing, extortion, and regulatory risks for schools covered by FERPA.