{"id":239435,"date":"2026-05-03T03:00:00","date_gmt":"2026-05-03T07:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/03\/instructure-canvas-cybersecurity-incidents-analysis-of-2025-salesforce-breach-and-2026-canvas-data-2-beta-security-event-rescana\/"},"modified":"2026-05-05T08:10:13","modified_gmt":"2026-05-05T12:10:13","slug":"instructure-canvas-cybersecurity-incidents-analysis-of-2025-salesforce-breach-and-2026-canvas-data-2-beta-security-event-rescana","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/03\/instructure-canvas-cybersecurity-incidents-analysis-of-2025-salesforce-breach-and-2026-canvas-data-2-beta-security-event-rescana\/","title":{"rendered":"Instructure Canvas Cybersecurity Incidents: Analysis of 2025 Salesforce Breach and 2026 Canvas Data 2 & Beta Security Event \u2013 Rescana"},"content":{"rendered":"

Instructure Canvas Cybersecurity Incidents: Analysis of 2025 Salesforce Breach and 2026 Canvas Data 2 & Beta Security Event \u2013 Rescana<\/a><\/p>\n

https:\/\/www.rescana.com\/post\/instructure-canvas-cybersecurity-incidents-analysis-of-2025-salesforce-breach-and-2026-canvas-data-2-beta-security-event<\/a><\/p>\n

Publish Date: 2026-05-03 03:00:00<\/a><\/p>\n

Source Domain: www.rescana.com<\/a><\/p>\n

Executive Summary<\/strong><\/h2>\n

On May 1, 2026, Instructure<\/strong>, the provider of the widely used Canvas<\/strong>\u00a0learning management system, publicly disclosed a cybersecurity incident and initiated an investigation with external forensics experts. The company placed Canvas Data 2<\/strong>\u00a0and Canvas Beta<\/strong>\u00a0into maintenance mode, warning customers of potential disruptions to services relying on API keys. As of this report, Instructure<\/strong>\u00a0has not confirmed nor ruled out the exposure of personally identifiable information (PII) in this incident. This event follows a previous breach in September 2025, when a social engineering attack targeting Instructure<\/strong>\u2019s Salesforce<\/strong>\u00a0instance resulted in unauthorized access to publicly available business contact information, but not to product or customer data. The September 2025 incident was attributed by public claim to the threat actor ShinyHunters. Both incidents highlight the persistent targeting of education technology firms, which hold significant volumes of sensitive student and educator data. Instructure<\/strong>\u00a0has notified federal law enforcement regarding the September 2025 breach and has implemented additional security measures. The investigation into the May 2026 incident is ongoing, and no technical details or confirmed data exposure have been disclosed as of the latest available information. All information in this summary is based on official disclosures and sector analysis as of May 1, 2026. [https:\/\/www.instructure.com\/resources\/blog\/security-incident-update], [https:\/\/www.bleepingcomputer.com\/news\/security\/edu-tech-firm-instructure-discloses-cyber-incident-probes-impact\/], [https:\/\/techjacksolutions.com\/scc-intel\/instructure-canvas-discloses-second-cybersecurity-incident-in-eight-months-amid-ongoing-investigation\/]<\/p>\n

Technical Information<\/strong><\/h2>\n

The September 2025 incident at Instructure<\/strong>\u00a0was the result of a social engineering attack, specifically targeting the company\u2019s Salesforce<\/strong>\u00a0instance. Social engineering refers to the manipulation of individuals into…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Instructure Canvas Cybersecurity Incidents: Analysis of 2025 Salesforce Breach and 2026 Canvas Data 2 &…<\/p>\n","protected":false},"author":1,"featured_media":239437,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.rescana.com\/post\/instructure-canvas-cybersecurity-incidents-analysis-of-2025-salesforce-breach-and-2026-canvas-data-2-beta-security-event\/cover.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,34],"class_list":["post-239435","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239435"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=239435"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239435\/revisions"}],"predecessor-version":[{"id":239439,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239435\/revisions\/239439"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/239437"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=239435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=239435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=239435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}