Canvas Data Breach 2026: 275 Million Students and Teachers Hit by ShinyHunters Hack

# Canvas Data Breach 2026: 275 Million Students and Teachers Hit by ShinyHunters Hack

> **Quick answer:** ShinyHunters, a financially motivated cybercrime group, breached Instructure — the company behind Canvas LMS — and claims to have stolen 275 million records from 8,809 schools and universities worldwide. Stolen data includes names, email addresses, student IDs, and private messages between teachers and students. No passwords or financial data were confirmed compromised. ShinyHunters has threatened to publicly release everything by May 12, 2026 unless Instructure pays.

The Canvas data breach of 2026 is one of the largest education sector cyberattacks in history. If your school or university uses Canvas, your personal data is almost certainly part of this incident — and right now, the clock is ticking on a ransom deadline that could expose hundreds of millions of private messages to the public internet.

## What Happened: ShinyHunters Hacks Instructure Twice in One Month

Instructure, the Salt Lake City-based company that operates Canvas LMS — the learning management system used by 41 percent of all higher education institutions in North America — confirmed a cybersecurity incident on May 5, 2026.

The threat actors behind it are ShinyHunters, a well-known financially motivated extortion gang with a history of high-profile breaches against cloud-based platforms and universities. This is not their first attack on Instructure. The group claims a first breach occurred in April 2026, with the current May incident representing a second, escalating strike.