// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Instructure
Breach Record

Instructure

DISCLOSED 2026-05-27 · RANSOMWARE · RANSOMWARE

Education tech firm Instructure shut down access to its Canvas platform after a breach by hackers known as ShinyHunters. The incident paralyzed thousands of schools across the US on Thursday. The attack involved ransomware.

The record

What we know

Disclosed
2026-05-27
Attack vector
Ransomware
Sector
education technology
Country
US
Domain
instructure.com
RANSOMWARE
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

Insufficient details about the attack method to determine if a positive-security model would have prevented it.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other ransomware breaches on file

This page is the permanent ColdRecon entry for the Instructure disclosure. It updates if new public reporting emerges. All tracked breaches →

Instructure just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →