INSTRUCTURE has disclosed a second data breach in less than a year, reportedly carried out by threat actors known as ShinyHunters. The breach follows an April 2026 incident in which some customers experienced limited disruptions to tools relying on API keys, with updates in May confirming ongoing investigation and maintenance for Canvas Data 2 and Canvas Beta & Test.
A listing on ShinyHunters’ leak site dated 3 May 2026 claims that nearly 9,000 schools worldwide were affected and that data pertaining to 275 million individuals — including students, teachers, and staff — was involved, along with billions of private messages and other PII, and that a Salesforce instance was breached as well; the listing also claims 3.65 TB+ of data (uncompressed).
May 2 updates stated that, thus far, the information involved includes identifying information such as names, emails, and student ID numbers, and messages, with no evidence that passwords, dates of birth, government identifiers, or financial information were involved. According to DataBreaches[.]Net, the disclosure underscores ongoing concerns about the Education sector and the scale of ShinyHunters’ alleged activity.