91��Ƭ

A cyberattack on Instructure, the company behind Canvas LMS, exposed student names, email addresses, ID numbers, and private messages across thousands of institutions worldwide, with a criminal extortion group threatening to publish the stolen data unless the company pays a ransom.

Instructure disclosed the breach on April 30,and confirmed the following day that a hacker was responsible, according to and . The company retained outside forensics experts, contained the attack by May 3, and reissued application keys compromised during the intrusion.

The ShinyHunters extortion group listed Instructure on its leak site on May 3, claiming to have stolen 3.65 terabytes of data, belonging to 275 million individuals at nearly 9,000 schools worldwide. The group set a May 6 deadline, threatening a full public release if the company did not engage.

Instructure has not confirmed those figures or addressed the extortion demands publicly, and said it has found no evidence that passwords, government identifiers or financial information were involved, according to Bleeping Computer.

The breach is not an isolated event. ShinyHunters through the school software firm Infinite Campus in March.

Districts face mounting threats beyond vendor platforms. Spring Lake Park Schools in Minnesota shut down its technology systems and canceled classes following a ransomware attack reported on April 13. No cybercriminal has been identified, and officials have not confirmed whether data was exfiltrated, according to .

Find more solutions in the full “Field Guide for People Leadership,” which is available with .��Then, navigate to the People section of the Content Hub, which is listed in the menu on the left side of 91��Ƭ+.

Austin Independent School District that repeated distributed denial of service (DDoS) attacks had caused network outages for students and staff, which the district linked to geopolitical tensions abroad. Austin ISD said it coordinated with the Texas Information Sharing and Analysis Organization to intercept malicious traffic in real time.

The K12 Security Information eXchange, a nonprofit serving the education sector, tracked additional incidents in recent months. Minersville Area School District in Pennsylvania closed for four days in December 2025 after attackers attempted to install malware on district devices, while Pell City School System in Alabama reported data exfiltration in a breach claimed by ransomware group SafePay, which targeting U.S. K-12 schools in 2025.

Chicago Public Schools that a vendor breach involving file-transfer software company Cleo had exposed names, dates of birth, and district ID numbers for all current students and former students dating back to the 2017-2018 school year. The district reported the incident to the FBI and the Illinois Attorney General.

The Instructure investigation remains ongoing.

District 91��Ƭistration uses artificial intelligence to support research and drafting, with all content reviewed and verified by the author.

More from 91��Ƭ: Cell phone bans aren’t showing the results leaders want