US lawmakers are demanding explanations from education technology company Instructure after a series of cyberattacks exposed sensitive data linked to millions of students and schools worldwide.
The investigation focuses on breaches affecting Canvas, one of the world’s most widely used online learning platforms. Lawmakers want to know how hackers were able to access the system multiple times and what data may have been compromised.
The attacks were linked to the hacking group ShinyHunters, which claimed responsibility for stealing large amounts of student and staff information. Reports suggest the exposed data included names, email addresses, student ID numbers, and private messages exchanged through the platform.
The US House Homeland Security Committee has requested testimony from Instructure executives, with lawmakers questioning whether the company responded quickly enough and properly coordinated with cybersecurity agencies.
The breach has caused widespread concern because Canvas is used by thousands of schools and universities globally. Some institutions reportedly experienced outages and disruptions during exam periods, increasing pressure on the company.
Instructure has since confirmed it reached an agreement with the hackers to secure the return and deletion of stolen data, although the company has not disclosed whether a ransom payment was made.
The incident is now raising broader questions about cybersecurity across the education sector. Schools and universities increasingly rely on centralised digital platforms, making them attractive targets for large-scale cyberattacks.
Experts warn the breach highlights the growing risks around third-party technology providers, where a single vulnerability can affect millions of users across multiple institutions.
Author: Kieran Seymour