ShinyHunters claims nearly 9,000 schools affected by Canvas data breach | EdScoop<\/title> <meta name=\"description\" content=\"The group that stole data from Instructure users claims that it will release the data of students from nearly 9,000 education institutions around the country.\"> <link rel=\"canonical\" href=\"https:\/\/edscoop.com\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"ShinyHunters claims nearly 9,000 schools affected by Canvas data breach | EdScoop\"> <meta property=\"og:description\" content=\"The group that stole data from Instructure users claims that it will release the data of students from nearly 9,000 education institutions around the country.\"> <meta property=\"og:url\" content=\"https:\/\/edscoop.com\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach\/\"> <meta property=\"og:site_name\" content=\"EdScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/sngedscoop\/\"> <meta property=\"article:published_time\" content=\"2026-05-07T22:46:05+00:00\"> <meta property=\"article:modified_time\" content=\"2026-05-07T22:46:07+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-2.jpg\"> <meta property=\"og:image:width\" content=\"1300\"> <meta property=\"og:image:height\" content=\"867\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Colin Wood\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@EdScoop_news\"> <meta name=\"twitter:site\" content=\"@EdScoop_news\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"EdScoop \u00bb Feed\" href=\"https:\/\/edscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"EdScoop \u00bb Comments Feed\" href=\"https:\/\/edscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/edscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1774626878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/edscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1778005960g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/edscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/edscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/edscoop.com\/wp-json\/wp\/v2\/posts\/26309\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/edscoop.com\/?p=26309\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/edscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fedscoop.com%2Fshinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/edscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fedscoop.com%2Fshinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/edscoop.com\/wp-content\/uploads\/sites\/4\/2023\/01\/cropped-es_favicon-1.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/edscoop.com\/wp-content\/uploads\/sites\/4\/2023\/01\/cropped-es_favicon-1.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/edscoop.com\/wp-content\/uploads\/sites\/4\/2023\/01\/cropped-es_favicon-1.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/edscoop.com\/wp-content\/uploads\/sites\/4\/2023\/01\/cropped-es_favicon-1.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-26309 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-edscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/edscoop.com\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82352941176471\">\n<div class=\"stickybar__details\" readability=\"5.6\">\n<p>Subscribe to our weekly newsletter.<\/p>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/edscoop.com\/subscribe\">Subscribe<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.585421412301\">\n<div class=\"single-article__header-content\" readability=\"34.992924528302\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/edscoop.com\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The group that stole data from Instructure users claims that it will release the data of students from nearly 9,000 education institutions around the country. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/edscoop\/26309\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Instructure\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-2.jpg 1300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"20.341791044776\"><body readability=\"41.753376394598\"><\/p>\n<p>ShinyHunters, the prolific criminal hacker and extortion group, on Thursday provided additional details about its recent breach of Canvas, the learning management system developed by Instructure, with hopes of coaxing payments from some of the nearly 9,000 educational institutions it claims are affected.<\/p>\n<p>After announcing on May 1 that it had exfiltrated several terabytes of data containing the personal information of 275 million users, it announced a deadline of Thursday before \u201ceverything is leaked and there will be no chance at a negociation for anyone. Instructure has not even bothered speaking to us to understand the situation or to even negociate with us to prevent the release of this data. Our demand was not even as high as you might think it is.\u201d<\/p>\n<p>On Thursday, the group presented to Canvas users a second message and extended the deadline for payment until May 12. \u201cShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some \u2018security patches\u2019,\u201d the note reads. The group advised affected schools to consult security professionals and use the Tox messaging protocol to negotiate a \u201csettlement.\u201d<\/p>\n<p>The attached list of affected institutions includes many school districts, along with well-known universities, including Cambridge, Columbia, Cornell, Georgetown, Harvard, MIT and UC Berkeley.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>There are mixed reports of exactly which organizations are affected and what sort of data is included in the breach. <a href=\"https:\/\/www.techradar.com\/pro\/security\/top-universities-among-victims-named-in-canvas-data-breach-mit-oxford-and-more-all-hit\">Tech Radar<\/a> reported that affected data includes names, email addresses, student ID numbers and user communications, but that passwords, dates of birth and financial information were not involved.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.4803921568627\">\n<div class=\"author-card\" readability=\"11\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach-1.jpg?w=640&ssl=1\" alt=\"Colin Wood\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Colin Wood<\/h4>\n<p> Colin Wood is the editor in chief of StateScoop and EdScoop. He\u2019s reported on government information technology policy for more than a decade, on topics including cybersecurity, IT governance and public safety. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Higher Education<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Cybersecurity<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Hybrid Learning<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to EdScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/edscoop.com\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ShinyHunters claims nearly 9,000 schools affected by Canvas data breach<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78],"tags":[86],"class_list":["post-8623","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a>","tag_info":"Cybersecurity","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8623"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8623\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8623,"date":"2026-05-08T08:29:45","date_gmt":"2026-05-08T13:29:45","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88931"},"modified":"2026-05-08T08:29:45","modified_gmt":"2026-05-08T13:29:45","slug":"shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/05\/08\/shinyhunters-claims-nearly-9000-schools-affected-by-canvas-data-breach\/","title":{"rendered":"ShinyHunters claims nearly 9,000 schools affected by Canvas data breach"},"content":{"rendered":"