Instructure, the company behind Canvas, a learning management system utilized by 41 percent of North American colleges, has reportedly experienced a significant data breach. The criminal group ShinyHunters announced that its attack has compromised personal information of 275 million individuals, impacting nearly 9,000 schools globally, including both K–12 and higher education institutions.
This incident underscores a growing trend where cybercriminals target third-party vendors instead of individual educational institutions. Doug Thompson, a cybersecurity expert, noted that attackers are increasingly focusing on platforms that serve multiple institutions, rather than solely targeting individual campuses. This approach highlights the vulnerabilities present in the educational technology supply chain.
ShinyHunters has a history of breaching education-related technology firms, including a prior attack on Salesforce that involved the theft of approximately one billion customer records. Instructure stated that it has managed to contain the breach, but the incident raises concerns about the security of personal data in the education sector.