Instructure paused delivery of breach-related data for the Canvas learning management system after identifying a potential security threat tied to a third-party data-delivery platform. The pause follows Instructure’s prior response to an alleged extortion effort in which ShinyHunters claimed access to personal data across thousands of institutions. In recent communications, Instructure CEO Steve Daly said the company was proceeding only after it could verify the platform’s safety, emphasizing that data remains secure while the forensic review continues. The company had planned to begin sending the first wave of details via a permissioned ShareFile link. For higher education IT and security leaders, the development adds another compliance and risk-management checkpoint as institutions prepare to respond to breach notifications and coordinate incident communications with Instructure and their own security contacts.
Get the Daily Brief