Educational technology organization Instructure recently confirmed data was stolen in a cyberattack. 

On May 1, the company disclosed it experienced a cybersecurity incident and was investigating the event alongside third-party experts. The next day, the company announced they believed the incident had been contained. 

The compromised data includes: 

• Names
• Email addresses
• Student ID numbers
• User messages 

At this time, the organization does not believe birth dates, passwords, government identifiers, or financial information were impacted. 

Threat actor group ShinyHunters has claimed responsibility for the attack, asserting that approximately 9,000 schools across the globe have been affected, including 275 million individuals’ data (including students, teachers, and additional staff). 

According to ShinyHunters, this breach — like others in recent weeks — occurred due to a Salesforce misconfiguration. Security leaders of companies using Salesforce should review configuration settings to ensure it is secure. 

Instructure is a United States-based organization and is best known as the parent company of Canvas, a learning management system widely adopted by schools and universities. As the investigation of this matter develops, Instructure intends to keep users informed as appropriate.