- ShinyHunters claims Instructure attack exposed data from nearly 9,000 schools and 275 million people
- The new named victims include elite universities (Harvard, MIT, Oxford, Stanford, Cambridge, etc.) and large technology companies.
- With the bailout set to expire on May 7, at least 47 million students risk being exposed if negotiations fail.
ShinyHunters may have stolen sensitive data from some of the world’s top universities, including Harvard, Oxford, and MIT, in the recent Canvas breach.
Instructure, the educational technology giant behind the popular Canvas learning system, recently confirmed that it suffered a cyberattack and lost confidential customer data.
Now, to further pressure Instructure to pay the ransom demand, ShinyHunters shared more details about the different organizations affected by the breach. It listed more than 8,800 educational institutions in 10 different countries, such as the United States, Australia, the United Kingdom, and Sweden.
Thousands of victims, millions of files
It states that in addition to Harvard, MIT, and Oxford, other major organizations are also affected, including Stanford, Princeton, Columbia, Cambridge, Cornell, Berkeley, and Georgetown.
Major technology companies are also reportedly affected, including Amazon, Apple and Cisco. It could mean that these organizations used Canvas to educate their employees, but at this point this is pure speculation.
The deadline to pay the ransom demand is May 7, 2026, and if Instructure decides not to pay, at least 47 million students could have their sensitive data exposed to other hackers.
The company said the criminals accessed “certain user-identifying information” at the affected institutions, including names, email addresses, student ID numbers, and user communications.
Passwords, dates of birth, government identifiers, or financial information were not involved, and the company revoked privileged credentials and access tokens associated with the affected systems to mitigate the threat.
At the same time, ShinyHunters, one of the most active ransomware groups at the moment, added Instructure to its data breach website, claiming to have stolen information from nearly 9,000 schools, affecting 275 million people.
“Several billion private messages between students, teachers, students and other students involved, containing personal conversations and other personal information. Your Salesforce instance was also breached and there is much more data involved,” ShinyHunters allegedly said at the time.
Through cyber news
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
