Canvas breach spotlights cybercriminal appetite for student data

A criminal group, ShinyHunters, claimed responsibility for a breach of Instructure’s Canvas learning platform that reportedly impacted roughly 9,000 customers (including major universities). The attackers posted an extortion demand, claimed to have accessed names, emails, student IDs and private messages, and reportedly exploited a vulnerability in the Free for Teacher support-ticket system; Canvas services were later restored and the FBI and U.S. House committee have been reported to be investigating.