## Shinyhunters Claims 275M Student Records Stolen from Canvas; Instructure Says Data Destroyed in Deal
A ransomware operation identifying itself as Shinyhunters has claimed responsibility for a breach affecting the data of approximately 275 million students, educators, and staff connected to Canvas, the widely deployed learning management system operated by Instructure. The group asserts it successfully exfiltrated sensitive records before encrypting systems, raising urgent questions about the scale of exposure across educational institutions worldwide. Instructure, however, has pushed back, stating it negotiated directly with the attackers and obtained verified digital confirmation that the stolen data has been destroyed—though security researchers note that such assurances are difficult to independently substantiate.

The incident places the education sector squarely in the crosshairs of financially motivated cybercriminals who increasingly target institutional databases as high-value stores of personal identifiable information. Canvas serves thousands of schools, universities, and corporate training programs, making the potential footprint of any compromise unusually broad. Shinyhunters has a documented history of stealing data and monetizing it through direct sales or follow-on extortion, which complicates Instructure's claim that the matter is resolved. Security analysts emphasize that even if data was technically deleted by the threat actors, copies may exist on underground forums, and the absence of published evidence does not guarantee safety.

The case underscores the growing challenge facing educational institutions: massive repositories of sensitive data with limited cybersecurity resources and a sprawling user base that includes minors. Regulators in multiple jurisdictions could face pressure to investigate whether Instructure's data protection practices met baseline standards. For now, affected users have limited recourse beyond monitoring for identity fraud and expecting that compromised information may surface in future credential-stuffing campaigns or phishing operations.
---
- **Source**: Mastodon:mastodon.social:#ransomware
- **Sector**: The Vault
- **Tags**: ransomware, Shinyhunters, Canvas, student data, education sector
- **Credibility**: unverified
- **Published**: 2026-05-15 01:18:29
- **ID**: 83265
- **URL**: https://whisperx.ai/en/intel/83265