ShinyHunters claim that Instructure Holdings, Inc. (Canva LMS, instructure.com) and nearly 9,000 schools worldwide have been compromised, exposing data for about 275 million individuals including students, teachers, and staff with PII and billions of private messages. Details include a Salesforce breach and other data exposures, a demand to pay or leak, a final warning by 6 May 2026, and a reported size of 3.65TB+ uncompressed as of 3 May 2026. #UnitedStates
Incident Details
- Victim: Instructure Holdings, Inc. (Canva LMS, instructure.com)
- Sector: Education
- Country: US
- Actor: shinyhunters
- Source:
- Discovered: 2026-05-03T09:00:08.806602+00:00
- Published: 2026-05-03T09:00:07.344764+00:00
Information
- ShinyHunters claims responsibility.
- Nearly 9,000 schools worldwide affected.
- Data for approximately 275 million individuals (students, teachers, staff) containing PII.
- Several billion private messages among students and between students and teachers, containing personal conversations and PII.
- Salesforce instance breached; additional data involved.
- Demand: Pay or leak.
- Final warning requiring contact by 6 May 2026 before data is leaked and digital disruptions occur.
- Make the right decision, donβt be the next headline.
- Size: 3.65TB+ (uncompressed).
- Updated: 3 May 2026.
- Warning: FINAL WARNING PAY OR LEAK.
Disclaimer: This post is based on public claims made by the ransomware group "shinyhunters". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.