TechRadar
Sead Fadilpašić

Top universities among victims named in Canvas data breach - MIT, Oxford and more all hit

  • ShinyHunters claim the Instructure attack exposed data from nearly 9,000 schools and 275M individuals
  • Newly named victims include elite universities (Harvard, MIT, Oxford, Stanford, Cambridge, etc.) and major tech firms
  • With ransom due May 7, at least 47M students risk exposure if negotiations fail

Some of the world’s top universities, including the likes of Harvard, Oxford, and MIT, may have had their sensitive data stolen by ShinyHunters in the recent Canvas breach.

Instructure, the edtech giant behind the popular Canvas learning system, recently confirmed suffering a cyberattack and losing sensitive customer data.

Now, to further pressure Instructure into paying the ransom demand, ShinyHunters shared more details about different organizations affected by the breach. It listed more than 8,800 educational institutions in 10 different countries, such as the US, Australia, the UK, and Sweden.

Thousands of victims, millions of files

It claims that besides Harvard, MIT, and Oxford, other major organizations are affected, too, including Stanford, Princeton, Columbia, Cambridge, Cornell, Berkeley, and Georgetown.

Major tech companies are also allegedly affected, including Amazon, Apple, and Cisco. This could mean that these organizations used Canvas to educate their employees, but at this stage that is pure speculation.

The deadline to pay the ransom demand is May 7, 2026, and if Instructure decides not to pay, at least 47 million students could have their sensitive data exposed to other hackers.

The company said the crooks accessed “certain identifying information of users” at affected institutions, including names, email addresses, student ID numbers, and user communications.

Passwords, dates of birth, government identifiers, or financial information were not involved, and the company revoked privileged credentials and access tokens associated with affected systems in order to mitigate the threat.

At the same time, ShinyHunters, one of the most active ransomware groups right now, added Instructure to its data leak website, claiming to have stolen information from nearly 9,000 schools, affecting 275 million individuals.

“Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved,” ShinyHunters allegedly said at the time.

Via Cybernews
