Instructure data breach: Hacker claims theft of 280 million records from 8,800 schools

Instructure data breach escalates as a self‑identified hacker asserts they extracted ↓ 280 million student and staff records spanning ↓ 8,809 colleges, districts and online platforms.

Instructure data breach details emerge

The claim, posted on a dark‑web forum, lists institutions from the United States to Europe, exposing personal identifiers, grades and financial aid data. Security analysts warn that verification remains pending, but the scale suggests a breach larger than any previous education‑tech incident.

"We have the data of every student on the platform," the hacker wrote, adding that the files could be sold to the highest bidder.

Instructure, the maker of Canvas, has not confirmed the leak but pledged to cooperate with law‑enforcement. Reuters reports that the company is conducting a forensic audit while notifying affected schools.

Educators fear ramifications for enrollment, compliance and reputation. The episode underscores growing vulnerability of cloud‑based learning management systems amid heightened cyber‑espionage activity.

Analysis by Kaelen Frost (Lead Cybersecurity Analyst).