INSTRUCTURE CONFIRMS DATA BREACH BY SHINYHUNTERS

Instructure, a major provider of learning management systems, disclosed the security incident after ShinyHunters publicly claimed responsibility for the attack. The threat actor group, known for targeting technology companies and attempting to extort payments by threatening to sell stolen data, confirmed they accessed Instructure's systems. The company confirmed that unauthorized access occurred but did not immediately disclose the full scope of compromised information. ShinyHunters' claims suggest the breach exposed customer data, though specific details about user records, credentials, or other sensitive information remain unclear. Instructure's Canvas platform serves educational institutions globally, hosting course materials, grades, and student information. The breach raises concerns about data security at organizations managing sensitive information for millions of users. The company stated it is investigating the incident and working with security professionals to understand what occurred. Instructure has not publicly detailed its response to ShinyHunters' extortion demands or timeline for notifying affected users. ShinyHunters has claimed credit for multiple high-profile breaches in recent years, typically stealing data and then attempting to sell it on dark web marketplaces or demanding ransom payments. Their claims in this case follow a pattern of publicly disclosing attacks to maximize pressure on targets. Instructure customers and users should monitor their accounts for suspicious activity and review security practices. The company is expected to provide more detailed incident information and remediation steps as its investigation progresses. This breach adds to a growing list of cyberattacks targeting educational technology providers, which handle extensive personal and academic data on vulnerable student populations.