Hackers claim to have stolen data from nearly 9,000 schools through Instructure’s Canvas learning management system. The attackers also locked students out of their accounts and gave the company until May 12 to negotiate.

Instructure provides Canvas, a widely used online platform for schools and universities. The breach appears to have exposed student records, staff information and other sensitive data. The hackers have not released details about how they gained access or what specific data was taken.

The Breach

The attack targeted schools that rely on Canvas for course management, assignments and communication. The hackers locked students out of their accounts, disrupting learning for thousands. Instructure has not confirmed the claim but is investigating.

The group behind the attack warned Instructure to negotiate by May 12. If the company does not respond, the hackers may release the stolen data or extend the lockout. This type of extortion is common in ransomware incidents where attackers demand payment in exchange for restoring access and not leaking data.

What Was Stolen

The hackers claim the stolen data includes personally identifiable information for students and staff. This could include names, addresses, grades, attendance records and login credentials. For school districts already struggling with cybersecurity, this breach adds significant risk.

The extent of the data theft is unclear. Instructure has not publicly detailed what systems were compromised or how many users are affected. The company said it is working with law enforcement and cybersecurity experts.

Why This Matters

This breach affects millions of students and educators across nearly 9,000 schools. Educational institutions frequently hold large amounts of sensitive data but often lack strong cybersecurity defenses. A breach of this scale can lead to identity theft, financial fraud and long-term privacy risks for minors.

The lockout also disrupts classroom instruction. Schools using Canvas for daily lessons, homework and grading cannot function normally when students cannot log in. The May 12 deadline adds urgency for Instructure to resolve the situation before more damage occurs.

This incident highlights the growing threat to educational technology. As schools rely more on digital platforms, attackers see them as lucrative targets. Parents, teachers and administrators should watch for phishing attempts and monitor accounts for unusual activity in the coming weeks.