{“lastseen”:”2026-05-06T14:05:10″,”description”:”Instructure, the company behind the Canvas learning management system (LMS), confirmed a cyber incident and subsequent data breach affecting its cloud\u2011hosted environment.\\n\\nThe ShinyHunters ransomware group claims it is behind the attack and says it stole roughly 275 million records tied to students, teachers, and staff.\\n\\nImage courtesy of BleepingComputer\\n\\nThe criminals shared a list of 8,809 school districts, universities, and online education platforms with BleepingComputer whose Canvas instances they claim were impacted, with per\u2011institution record counts ranging from tens of thousands to several million.\\n\\n* * *\\n\\n\\n\\n### See if your personal data has been exposed.\\n\\nSCAN NOW\\n\\n* * *\\n\\n## What to do if your child\u2019s Instructure\/Canvas data was exposed\\n\\nIf you\u2019ve been told that your child was affected by the Instructure breach, you may be wondering what you can do to protect them. Here are some practical steps you can take right away.\\n\\n### 1\\\\. Check what the school and Instructure are saying\\n\\nStart with the notification from the school or district and Instructure\u2019s own updates to understand what data about your child was involved (for example: name, email address, student ID, or course information). Follow any specific steps they recommend for student accounts and keep an eye on follow\u2011up messages in case new information comes to light.\\n\\nMake sure the notification is real before anything else. If anything in the message looks suspicious, such as odd links, pressure to act immediately, or requests for extra data, check this first. Go to the district\u2019s or Instructure\u2019s site directly and use the contact details listed there to verify.\\n\\n### 2\\\\. Lock down your child\u2019s school and learning accounts\\n\\nIf your child has a Canvas or related account, change that password immediately, especially if your school lets students or parents log in with a username and password instead of single sign\u2011on. If your child tends to reuse passwords (for example, using the same one for Canvas, email, and gaming accounts), change those other passwords as well.\\n\\nGive every account its own strong, unique password and consider using a family password manager so you can create and store these without relying on memory. For younger children, you may want to manage these credentials yourself and keep a list of which education platforms they use.\\n\\n### 3\\\\. Turn on multi\u2011factor authentication where possible\\n\\nMulti\u2011factor authentication (MFA) makes it much harder for someone to log into an account with just a password. If your school or district allows it on parent or student accounts (for example, a code sent by SMS, email, or generated in an authenticator app), turn it on and, ideally, have the codes go to a device or app you control.\\n\\nRemind your child that security codes are like short\u2011term passwords. They should never share them with friends, teachers, or anyone claiming to be \u201cIT support,\u201d even if a message looks urgent or uses school branding.\\n\\n### 4\\\\. Consider extra identity protection for minors\\n\\nIf the breach included very sensitive identifiers (such as national ID or Social Security numbers in some regions), ask both the school and the breached provider what protection is being offered for minors, such as credit monitoring or identity restoration services. In some countries, you can also place a credit freeze or similar block on a minor\u2019s file to prevent new accounts being opened in their name.\\n\\nEven if your child is too young to have a credit file today, it\u2019s worth keeping a note of this incident so you remember to check their records once they are old enough.\\n\\n### 5\\\\. Stay alert for follow\u2011on scams\\n\\nAttackers like to reuse stolen data from education platforms to make phishing and scam messages more convincing, mentioning real school names, teachers, or courses. Be especially wary of emails and texts that claim to be from the school, district, or Instructure and that ask you to \u201cconfirm\u201d login details, open unexpected attachments (like \u201cnew assignments\u201d), or pay fees via unusual methods.\\n\\nAs a rule of thumb, avoid clicking links in unsolicited messages about the breach. Instead, open a new browser window and go to the official site or app as you normally would, then log in from there to check for messages.\\n\\n* * *\\n\\n**What do cybercriminals know about you?**\\n\\nUse Malwarebytes\u2019 free **Digital Footprint scan** to see whether your personal information has been exposed online.\\n\\nSCAN NOW”,”published”:”2026-05-06T12:45:54″,”modified”:”2026-05-06T12:45:54″,”type”:”malwarebytes”,”title”:”Millions of students\\u0026#8217; personal data stolen in major education breach”,”source”:””,”references”:””,”id”:”MALWAREBYTES:DFC13BB7E17D8896F83E86B56561999B”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/05\/millions-of-students-personal-data-stolen-in-major-education-cyberattack”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-06T14:05:10″,”description”:”Instructure, the company behind the Canvas learning management system (LMS), confirmed a cyber incident and subsequent data breach affecting its cloud\u2011hosted environment.\\n\\nThe ShinyHunters ransomware group…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-51697","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n