Ransomware victim disclosure
← All victimsInstructure, Inc.
listed as Instructure.com - Canvas · Claimed by Shinyhunters · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Group
- Shinyhunters
- Status
- Data leaked
- Country
- United States
- Sector
- Education
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileInstructure, Inc. is a US-based education technology company best known for developing Canvas, a widely adopted Learning Management System (LMS) used by educational institutions and students worldwide. The company also offers Bridge, an employee development and engagement platform for corporate clients. Instructure serves millions of users across K-12, higher education, and enterprise sectors globally.
- Industry
- Education Technology (Learning Management Systems)
- Employees
- 1001-5000
- Founded
- 2008
Attack summary
Severity: high — Instructure/Canvas serves millions of students and educators globally; a confirmed data publication by ShinyHunters against an LMS platform implies likely exfiltration of large-scale PII (student and educator records), which is sensitive regulated data. However, specific data types and volumes are unconfirmed, preventing a 'critical' rating.ShinyHunters claims to have compromised Instructure/Canvas and has published data, though the leak post provides no explicit detail on whether encryption or exfiltration (or both) occurred, nor the volume or nature of the data disclosed.
Data the group says was taken
AI dossier — extracted from the leak post- User account data
- Student records
- Educator/instructor data
- Learning management system content
- Potentially enterprise employee data (Bridge platform)
Original description
AI-summarised, not from the leak postInstructure Inc. is a technology company that developed the Canvas Learning Management System (LMS). Founded in 2008, Canvas is used by educators and students worldwide to connect and integrate digital learning resources into a school's curriculum. Upgraded features include assessment and reporting tools, plus customizable apps. They also offer Bridge, an employee development and engagement software for businesses.
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

