EdTech Company Instructure Confirms Data Breach Amidst Growing Hacking Concerns

Instructure Data Breach Exposes Personal Info of 275 Million Individuals

Cybersecurity researchers have discovered a massive data breach involving education technology company Instructure, which owns the popular learning platform Canvas.

• The breach, disclosed on April 30, resulted in the unauthorized disclosure of sensitive personal information belonging to approximately 275 million individuals, including students, teachers, and staff members from nearly 9,000 educational institutions worldwide.
• The compromised data includes names, addresses, and student identification numbers, while user messages were also accessed by the attackers.
• However, Instructure stated that passwords, dates of birth, government identifiers, and financial information were not compromised during the incident.

To mitigate the damage, Instructure took swift action, revoking privileged credentials and access tokens, deploying security fixes, and implementing additional monitoring measures.

• While the company did not disclose the number of institutions and users affected, it confirmed that access to its Canvas Data 2 platform was restored on May 3.
• The breach serves as a stark reminder of the importance of robust cybersecurity measures in protecting sensitive data, particularly in industries handling large volumes of personal information.
• As the investigation into the breach continues, Instructure has emphasized its commitment to transparency and cooperation with authorities, vowing to take necessary steps to prevent similar incidents in the future.

This incident highlights the critical need for organizations to prioritize cybersecurity and implement robust defenses against sophisticated attacks, underscoring the significance of ongoing vigilance and proactive measures to safeguard sensitive data and maintain trust in digital ecosystems.

About Author

Vaibhav

See author's posts