Instructure Faces Cybersecurity Incident
Instructure, the company behind the popular Canvas learning platform, has recently reported a cybersecurity incident and is actively looking into its effects.
Based in the United States, Instructure is known for developing Canvas, a learning management system used by schools, universities, and organizations to manage coursework, assignments, and online education.
Steve Proud, the Chief Security Officer, stated, “Instructure recently experienced a cybersecurity incident caused by a criminal threat actor. We are working with external forensic experts to investigate this matter.”
He emphasized that the company is moving quickly to understand the incident’s scope and is taking steps to lessen its impact. “Maintaining your trust is our highest priority, and we are committed to being transparent throughout this process,” he added.
Instructure plans to update the public with new information as their investigation progresses. Since May 1, some services, such as Canvas Data 2 and Canvas Beta, have been under maintenance, and customers have been warned about potential issues with tools that depend on API keys. However, the company has not confirmed if this maintenance is connected to the security incident.
Instructure has not responded to inquiries about the incident as of yet.
Growing Threat to Education Technology Companies
There has been a noticeable increase in cyberattacks on education technology firms, mainly due to the vast amount of personal information they keep about students and teachers.
Earlier this year, in January, PowerSchool, an educational software provider, revealed a data breach where a threat actor claimed to have accessed information from 62 million students.
In September 2025, Instructure faced another security issue from a social engineering attack, which allowed attackers to access data in its Salesforce system. The attacker known as ShinyHunters claimed responsibility and shared the data on a leak site.
Other education companies like Infinite Campus have also been targeted, with reports of data theft from their Salesforce environments.
As the investigation continues, schools and users are left eager for updates on this significant incident.
