Home All Victims Instructure Holdings, Inc. (Canva LMS, instructure.com)

Instructure Holdings, Inc. (Canva LMS, instructure.com)

shinyhunters

This record tracks a ransomware attack claimed by the shinyhunters group against Instructure Holdings, Inc. (Canva LMS, instructure.com). It collects the publicly disclosed attack details — sector, location and timeline — as published on the operator's leak site and indexed by Breach House.

Country
United States
Business Category
Education
Employees
+1000
Discovered
2026-05-03
Published
May 03, 2026
Victim ID
ygFBTi10gaGr

Attack Summary

Nearly 9,000 schools worldwide affected. 275 million individuals data ranging from students, teachers, and other staff containing PII. Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved. Pay or Leak. This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Size: 3.65TB+ (uncompressed) | Updated: 3 May 2026 | Warning: FINAL WARNING PAY OR LEAK

Visit Website View Group: shinyhunters
Legal Disclaimer: This ransomware victim record reflects information published on the operator's leak site. Breach.house does not acquire, download, host, access or redistribute unlawfully obtained data. It indexes only publicly visible information posted by ransomware, breach and infostealer operators and open web sources, without accessing the underlying stolen content. The service supports public awareness, legitimate research and cyber-resilience.