- ShinyHunters claims the Instructure attack exposed data from nearly 9,000 schools and 275 million people.
- Among the new victims are elite universities (Harvard, MIT, Oxford, Stanford, Cambridge, etc.) and large technology companies.
- With ransom due May 7, at least 47 million students risk exposure if negotiations fail
Some of the world’s largest universities, including Harvard, Oxford, and MIT, may have had their sensitive data stolen by ShinyHunters in the recent Canvas breach.
Instructure, the edtech giant behind the popular Canvas learning system, recently confirmed that it suffered a cyberattack and lost sensitive customer data.
Now, to further pressure Instructure to pay the ransom demand, ShinyHunters has shared more details about the various organizations affected by the breach. It lists over 8,800 educational institutions in 10 different countries, including the United States, Australia, the United Kingdom and Sweden.
Thousands of victims, millions of files
He says that besides Harvard, MIT and Oxford, other large organizations are also affected, including Stanford, Princeton, Columbia, Cambridge, Cornell, Berkeley and Georgetown.
Large technology companies would also be affected, including Amazon, Apple and Cisco. This could mean that these organizations used Canvas to educate their employees, but at this point this is pure speculation.
The deadline to pay the ransom is May 7, 2026, and if Instructure decides not to pay, at least 47 million students could have their sensitive data exposed to other hackers.
The company said the scammers accessed “certain user identifying information” at the affected institutions, including names, email addresses, student ID numbers and user communications.
Passwords, dates of birth, government IDs, or financial information were not involved, and the company revoked privileged credentials and access tokens associated with affected systems to mitigate the threat.
Meanwhile, ShinyHunters, one of the most active ransomware groups today, added Instructure to its data leak website, claiming to have stolen information from nearly 9,000 schools, affecting 275 million people.
“Several billion private messages between students, teachers and other students involved, containing personal conversations and other personal information. Your Salesforce instance has also been hacked and many more other data are involved,” ShinyHunters was quoted as saying at the time.
Via Cybernews
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
