Top universities among victims named in Canvas data breach - MIT, Oxford and more all hit

News
By published

ShinyHunters is increasing the heat on Instructure

Hands on a laptop with overlaid logos representing network security
(Image credit: Thapana Onphalai via Getty Images)
  • ShinyHunters claim the Instructure attack exposed data from nearly 9,000 schools and 275M individuals
  • Newly named victims include elite universities (Harvard, MIT, Oxford, Stanford, Cambridge, etc.) and major tech firms
  • With ransom due May 7, at least 47M students risk exposure if negotiations fail

Some of the world’s top universities, including the likes Harvard, Oxford, and MIT, may have had their sensitive data stolen by ShinyHunters in the recent Canvas breach.

Instructure, the edtech giant behind the popular Canvas learning system, recently confirmed suffering a cyberattack and losing sensitive customer data.

Now, to further pressure Instructure into paying the ransom demand, ShinyHunters shared more details about different organizations affected by the breach. It listed more than 8,800 educational institutions in 10 different countries, such as the US, Australia, the UK, and Sweden.

Latest Videos From

Thousands of victims, millions of files

It claims that besides Harvard, MIT, and Oxford, other major organizations are affected, too, including Stanford, Princeton, Columbia, Cambridge, Cornell, Berkeley, and Georgetown.

Major tech companies are also allegedly affected, including Amazon, Apple, and Cisco. It could mean that these organizations used Canvas to educate their employees but at this stage, this is pure speculation.

The deadline to pay the ransom demand is May 7, 2026, and if Instructure decides not to pay, at least 47 million students could have their sensitive data exposed to other hackers.

The company said the crooks accessed “certain identifying information of users” at affected institutions, including names, email addresses, student ID numbers, and user communications.

Passwords, dates of birth, government identifiers, or financial information, were not involved, and the company revoked privileged credentials and access tokens associated with affected systems in order to mitigate the threat.

At the same time, ShinyHunters, one of the most active ransomware groups right now, added Instructure to its data leak website, claiming to have stolen information from nearly 9,000 schools, affecting 275 million individuals.

"Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved,” ShinyHunters allegedly said at the time.

Via Cybernews

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.