SECURITYWEEK reports that education technology company Instructure disclosed on 30 April 2026 that a cyberattack also resulted in a data breach, with access to names, email addresses, and student ID numbers, as well as user messages. The incident was attributed to a cyberattack, and by 3 May 2026 the ShinyHunters extortion group added Instructure to its Tor-based leak site, claiming 3.65 terabytes of stolen data.
The group claims the data belongs to 275 million students, teachers, and other individuals at close to 9,000 educational institutions worldwide, and that Instructure’s Salesforce instance was compromised. Instructure said there was no evidence that passwords, dates of birth, government identifiers, or financial information were involved. The firm said it had revoked privileged credentials and access tokens, reissued certain application keys, deployed security fixes, and increased monitoring.
According to SecurityWeek, the company has not disclosed how many institutions or users were affected, nor the identity of the threat actor behind the incident.