Ransomware victim disclosure
← All victimsInstructure, Inc.
listed as Instructure.com - Canvas · Claimed by Hunters International · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Status
- Data leaked
- Country
- United States
- Sector
- Education
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileInstructure, Inc. is a US-based education technology company best known for developing Canvas, a widely adopted Learning Management System used by K-12 schools, higher education institutions, and educators worldwide. The company also offers Bridge, an employee development and engagement platform for corporate clients. Instructure serves millions of users globally across thousands of institutions.
- Industry
- Education Technology (Learning Management Systems)
- Employees
- 1001-5000
- Founded
- 2008
Attack summary
Severity: high — Instructure/Canvas serves millions of students and educators globally; a confirmed data publication by a ransomware group at an edtech platform of this scale likely involves significant PII (student and staff data) across thousands of institutions, warranting a high severity rating even without explicit enumeration of data volume.Hunters International claims to have attacked Instructure (Canvas LMS) and has published data as part of a disclosed leak, though the specific nature of the attack (encryption, exfiltration, or both) and the volume of data are not explicitly stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Student records
- Educator accounts
- Institutional data
- Learning management system data
- Employee development platform data
Original description
AI-summarised, not from the leak postInstructure Inc. is a technology company that developed the Canvas Learning Management System (LMS). Founded in 2008, Canvas is used by educators and students worldwide to connect and integrate digital learning resources into a school's curriculum. Upgraded features include assessment and reporting tools, plus customizable apps. They also offer Bridge, an employee development and engagement software for businesses.
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

