Canvas data breach hits thousands of schools, including in Indiana

Instructure, the company behind the widely used educational platform Canvas, reported a cybersecurity breach on May 1, confirming that a criminal threat actor had infiltrated its systems. The attack disrupted access for thousands of schools across the U.S., forcing the company to place Canvas, Canvas Beta, and Canvas Test in maintenance mode. Reports indicated login issues peaked around 4:30 p.m. on the same day, according to user monitoring tools like DownDetector. The breach affected major institutions, including Carmel Clay Schools in Indiana, as well as Indiana University and Ivy Tech Community College. Instructure stated it was working with forensic experts to investigate the incident and mitigate its impact, emphasizing transparency in its communications. A hacker group named ShinyHunters claimed responsibility for the attack, which reportedly exposed students' names, email addresses, and other personal data. Earlier reports from TechCrunch detailed the extent of the stolen information, highlighting the potential risks for affected students and institutions. Instructure assured users that maintaining trust was its top priority, promising updates as new information became available. The company continues to address the fallout while collaborating with cybersecurity experts to secure its platforms.