ShinyHunters Breaches Instructure, Owner of Widely Used Canvas LMS

The ShinyHunters threat group attacked Instructure, the company behind Canvas, one of the most widely deployed learning management systems in higher education and K-12. The breach highlights concentration risk in educational institutions that rely on centralized third-party platforms for student and faculty data. Full scope of the data exfiltration has not been publicly disclosed. Educational institutions using Canvas should monitor Instructure’s incident disclosures and review their vendor risk management processes.