Instructure confirms cybersecurity incident | Cybersecurity Dive
Instructure confirms cybersecurity incident | Cybersecurity Dive
https://www.cybersecuritydive.com/news/instructure-confirms-cybersecurity-incident/819637/
Publish Date: 2026-05-09 00:07:00
Source Domain: www.cybersecuritydive.com
Dive Brief:
- A recent cybersecurity attack at Instructure ed tech company exposed certain student information, the ed tech company confirmed in a status update on its website Friday, but added in a Saturday update that it believes the incident has been contained.
- Information impacted by the data breach includes messages between users, names, email addresses and student ID numbers, according to Instructure. The company said no passwords, dates of birth, government identifiers, or financial information were believed to have been compromised as of Saturday.
- While Instructure said it is actively investigating the incident alongside forensics experts, the company has not disclosed how many school districts were affected.
Dive Insight:
Instructure, on its homepage, touts itself the “most-visited education website in the world.” The company operates several ed tech products for K-12 schools, including the widely used Canvas learning management system.
Canvas has over 6 million “concurrent users,” according to Instructure’s website. Instructure did not explicitly say the breach had affected Canvas, but did report it was investigating disruptions to some Canvas tools and putting the learning management system under maintenance around the same time it announced the data breach.
Upon request for comment and further details regarding the cybersecurity incident, Instructure told K-12 Dive in a Tuesday email to check the company’s status page, where it said updates on the breach would be provided as they become available.
In response to the incident, Instructure said on its status page, the company has revoked privileged credentials and access tokens related to the affected systems, deployed patches to increase system security, and heightened monitoring across all of its platforms.
The incident at Instructure marks the latest known data breach for a large ed tech vendor with sweeping implications…
