INSTRUCTURE HACKERS CLAIM 9,000 SCHOOLS DATA BREACH

Instructure, which operates Canvas, a widely-used learning management system, disclosed a security incident affecting its platform. Threat actors claim to have accessed data from approximately 9,000 schools and set a May 12 deadline for the company to respond to their demands. The attackers disrupted Canvas access for students globally, causing widespread outages across educational institutions. Schools reported being unable to access course materials, assignments, and other critical learning resources. Instructure has not publicly detailed the scope of compromised information or confirmed the attackers' claims regarding the number of affected schools. The company typically hosts data for K-12 and higher education institutions across North America and beyond. The incident highlights ongoing vulnerabilities in edtech infrastructure and the targeting of education sector systems by cybercriminals. Schools have increasingly relied on centralized learning platforms during and after pandemic-driven remote learning expansion, making them attractive targets. Extortion attempts like this have become common in ransomware attacks, where threat actors encrypt or steal data and demand payment in exchange for restoring access or deleting stolen information. The May 12 deadline appears designed to pressure rapid negotiations. Instructure users were advised to monitor their accounts for suspicious activity. The company has not announced payment negotiations or confirmed specifics about the attackers' identities or affiliations. This breach affects millions of students and educators who depend on Canvas for daily coursework. Education institutions typically lack dedicated cybersecurity resources compared to other sectors, making them vulnerable targets for ransomware operations. The incident underscores the need for improved security practices and backup systems at major edtech providers serving critical educational infrastructure.