Overview
- Instructure, which said Wednesday it reached a deal with the ShinyHunters group, reported the stolen files were returned with digital “shred logs” but declined to say if it paid.
- The breach exposed about 3.65 terabytes tied to roughly 8,800–9,000 schools and universities, including at least 122 in Australia, with names, emails, student IDs and private messages taken.
- Attackers used a weakness in Canvas’s Free‑For‑Teacher accounts to break in on April 29 and again on May 7, and the second wave defaced hundreds of login pages and disrupted finals.
- The House Homeland Security Committee requested a briefing and testimony from CEO Steve Daly to explain the intrusions, the data taken, and coordination with CISA and the FBI.
- Lawsuits are piling up in U.S. courts and experts warn the stolen identifiers can drive phishing that impersonates school staff, so institutions are rotating keys, reauthorizing logins, and warning students.