Instructure Investigates Cybersecurity Breach Impacting Canvas LMS Users
Instructure, the provider of Canvas, one of the world’s leading learning management systems (LMS), has confirmed a cybersecurity incident involving a criminal threat actor. The company is actively investigating the breach with the assistance of external forensics experts to determine its full scope and impact.
In a statement, Steve Proud, Instructure’s Chief Information Security Officer (CISO), acknowledged the incident and outlined initial response measures. The company has implemented heightened monitoring across its platforms and reissued certain security keys as a precaution, requiring some users to re-authorize access to affected tools. While there is no evidence the keys were misused, the move aims to mitigate potential risks.
Preliminary findings suggest attackers may have accessed or exfiltrated user-identifying data, including full names, email addresses, student ID numbers, and messages. However, Instructure has stated there is no current evidence that more sensitive information, such as passwords, dates of birth, government IDs, or financial details, was compromised. Should this assessment change, the company has committed to notifying impacted institutions.
Proud later confirmed that the incident has been contained and expressed gratitude for users’ patience while investigations continue. The breach reflects a growing trend of cyberattacks targeting educational technology platforms, which store vast amounts of personal data. Recent incidents include PowerSchool’s 2025 extortion attempt and Infinite Campus’s 2026 Salesforce breach, underscoring the sector’s vulnerability to threat actors.
Source: https://news.az/news/data-breach-hits-canvas-learning-platform-serving-millions
Instructure cybersecurity rating report: https://www.rankiteo.com/company/instructure-inc-
Infinite Campus cybersecurity rating report: https://www.rankiteo.com/company/infinite-campus
"id": "INSINF1777891308",
"linkid": "instructure-inc-, infinite-campus",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Canvas LMS users',
                        'industry': 'Educational Technology',
                        'name': 'Instructure',
                        'type': 'Company'}],
 'customer_advisories': 'Users may need to re-authorize access to affected '
                        'tools; notification promised if sensitive data '
                        'compromise is confirmed',
 'data_breach': {'data_exfiltration': 'Possible',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'Low to moderate (no passwords, '
                                        'financial details, or government IDs)',
                 'type_of_data_compromised': ['Full names',
                                              'Email addresses',
                                              'Student ID numbers',
                                              'Messages']},
 'description': 'Instructure, the provider of Canvas, confirmed a '
                'cybersecurity incident involving a criminal threat actor. The '
                'company is investigating the breach with external forensics '
                'experts to determine its full scope and impact. Attackers may '
                'have accessed or exfiltrated user-identifying data, including '
                'full names, email addresses, student ID numbers, and '
                'messages. No evidence of compromise of sensitive information '
                'like passwords, dates of birth, government IDs, or financial '
                'details was found as of the latest assessment.',
 'impact': {'data_compromised': 'User-identifying data (full names, email '
                                'addresses, student ID numbers, messages)',
            'systems_affected': 'Canvas LMS'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'Instructure Statement'}],
 'response': {'communication_strategy': 'Public statement acknowledging the '
                                        'incident and outlining response '
                                        'measures',
              'containment_measures': 'Incident contained, heightened '
                                      'monitoring implemented, security keys '
                                      'reissued',
              'enhanced_monitoring': 'Heightened monitoring across platforms',
              'remediation_measures': 'Re-authorization of access to affected '
                                      'tools',
              'third_party_assistance': 'External forensics experts'},
 'threat_actor': 'Criminal threat actor',
 'title': 'Instructure Cybersecurity Breach Impacting Canvas LMS Users',
 'type': 'Data Breach'}