The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.
Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly.
Which seems to have paid off. On the Instructure web page about the recent data breach, a status update dated May 11, 26 says:
“We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Read more…
Source: Malwarebites Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Authorities disrupt world’s largest IoT DDoS botnets responsible for record breaking attacks targeting victims worldwide
March 19, 2026
ANCHORAGE, Alaska – The U.S. Justice Department participated in a court-authorized law enforcement operation today to disrupt Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid and Mossad Internet of Things (IoT) botnets. The operation was conducted simultaneously to law enforcement actions conducted in Canada and Germany, which targeted individuals who operated these botnets. ...
- CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices
March 19, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned companies to secure systems for managing their fleets of employee devices after pro-Iran hackers broke into medical tech giant Stryker and mass-wiped thousands of its phones, tablets, and computers. The agency said on Thursday that it was urging companies to take action and confirmed it was ...
- Unpacking a new Horabot campaign in Mexico
March 18, 2026
In this instalment of Kaspersky SOC Files series, Kaspersky researchers will walk you through a targeted campaign that our MDR team identified and hunted down a few months ago. It involves a threat known as Horabot, a bundle consisting of an infamous banking Trojan, an email spreader, and a notably complex attack chain. Although previous research ...
- Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
March 18, 2026
Marquis, a technology company used by hundreds of banks to analyze and visualize their customers’ data, says hundreds of thousands of people had their personal and sensitive financial information stolen in a ransomware attack last year. The Plano, Texas-based fintech company is notifying at least 672,075 people that hackers stole their information during the August 2025 ...
- Notorious online data leak market BreachForums taken down by whitehat heroes
March 17, 2026
BreachForums, one of the most popular underground forums for sharing malware, stolen data, and more – was taken down. Now, the admin seems to be giving up and looking for someone to pass the torch to. Over the weekend, the Cyber Counter-Intelligence Threat Investigation Consortium (CCITIC) posted on LinkedIn, saying that both the clearnet and Tor ...
- EU sanctions Chinese and Iranian companies for cyber attacks
March 16, 2026
The European Union on Monday imposed sanctions against two China-based and one Iranian company for cyber attacks against EU member states. The EU listed China-based Integrity Technology Group and Anxun Information Technology, and Iranian company Emennet Pasargad. Integrity Technology is seen to have enabled hacks of over65,000 devices across six member states, according to an EUstatement. ...