Hackers just stole data from 9,000 schools and unis around the world. How can we protect student privacy?
headphones
Listen to the eFinder podcast briefing
Generate a natural audio summary of this story
Daily briefing
What to know about Hackers just stole data from 9,000 schools and unis around the world. How can we protect student privacy?
The article reports on a cybersecurity breach of the Canvas learning management system by the group ShinyHunters, affecting numerous educational institutions globally. It discusses the risks of platform concentration in education technology and suggests several security improvements for institutions and governments.
Propaganda risk
10%
Claims checked
10
Techniques found
0
Topics
0
Coverage spectrum
Coverage gap: Low Left coverage7 sources compared across this story cluster. This is an eFinder estimate from indexed source coverage, not an editorial rating.
What happened
This week, US-based education technology provider Instructure announced a significant cybersecurity incident affecting its Canvas system.
Why it matters
This is used by schools and universities around the world, including in Australia.
Common ground
Cyber crime group ShinyHunters has claimed responsibility.
Perspective signals
No major persuasion pattern has been attached yet, so the source, headline, and evidence should carry most of the weight for readers.
Follow-up questions
- What concrete event or decision sits underneath the headline: Hackers just stole data from 9,000 schools and unis around the world. How can we protect student privacy??
- What evidence would most clearly confirm or weaken the claim that Cyber crime group ShinyHunters has claimed responsibility?
- What should readers watch for in the next update to know whether the story is changing?
The article reports on a cybersecurity breach of the Canvas learning management system by the group ShinyHunters, affecting numerous educational institutions globally. It discusses the risks of platform concentration in education technology and suggests several security improvements for institutions and governments.
open_in_new
Read the original article: https://theconversation.com/hackers-just-stole-data-from-9-000-schools-and-unis-…
analyticsAnalysis
10%
Propaganda Score
confidence: 95%
Low risk. This article shows minimal use of propaganda techniques.
fact_checkClaims Checked
eFinder analyzed this article and checked 10 claims against available evidence, cross-references, web search, and Wikipedia. Here is what the fact-checking layer found.
check_circle
Corroborated
7
verified
Verified By Reference
2
help
Insufficient Evidence
1
Claim 1: “Cyber crime group ShinyHunters has claimed responsibility.”
CORROBORATED
Multiple independent sources, including Cyber Intel Brief and other news reports, state that the group ShinyHunters claimed responsibility for the breach.
travel_explore
web search
NEUTRAL
— Instructure confirms data breach, ShinyHunters claims attack.Over 300,000 Penn users affected in Canvas hack, cybercrime group claims.
https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj…
https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj…
travel_explore
web search
NEUTRAL
— ShinyHunters has claimed responsibility for a data breach at Instructure, the provider of the Canvas learning management system, alleging the theft of 3.65 TB of data affecting approximately 275 milli…
https://www.dataminr.com/resources/intel-brief/shinyhunters-…
https://www.dataminr.com/resources/intel-brief/shinyhunters-…
travel_explore
web search
NEUTRAL
— A hacking group claimed responsibility for a data breach affecting the company that owns the platform, jeopardizing the personal data of millions of students and teachers.
https://www.nytimes.com/2026/05/07/education/canvas-hacked-d…
https://www.nytimes.com/2026/05/07/education/canvas-hacked-d…
Claim 2: “US-based education technology provider Instructure announced a significant cybersecurity incident affecting its Canvas system.”
CORROBORATED
Multiple independent web sources confirm that Instructure disclosed a cybersecurity incident affecting the Canvas system.
travel_explore
web search
NEUTRAL
— A system that thousands of schools and universities use was offline Thursday during a cyberattack, creating chaos as students tried to study for finals and underscoring education's dependence on techn…
https://apnews.com/article/cyberattack-schools-canvas-instru…
https://apnews.com/article/cyberattack-schools-canvas-instru…
travel_explore
web search
NEUTRAL
— Educational technology organization Instructure recently confirmed data was stolen in a cyberattack. On May 1, the company disclosed it experienced a cybersecurity incident and was investigating the e…
https://www.securitymagazine.com/articles/102283-instructure…
https://www.securitymagazine.com/articles/102283-instructure…
travel_explore
web search
NEUTRAL
— Instructure confirms cybersecurity incident The ed tech company that operates Canvas said information impacted by the data breach includes messages, names, email addresses and student ID numbers.
https://www.k12dive.com/news/instructure-confirms-cybersecur…
https://www.k12dive.com/news/instructure-confirms-cybersecur…
Claim 3: “Other common systems include Moodle and Blackboard”
VERIFIED BY REFERENCE
Wikipedia and official Moodle sources confirm that Moodle and Blackboard are widely used learning management systems (LMS).
travel_explore
web search
NEUTRAL
— Moodle (/ ˈmuːdəl / MOO-dəl) is a free and open-source learning management system written in PHP and distributed under the GNU General Public License. [3][4] Moodle is used for blended learning, dista…
https://en.wikipedia.org/wiki/Moodle
https://en.wikipedia.org/wiki/Moodle
travel_explore
web search
NEUTRAL
— Moodle is a Learning Platform or Learning Management System (LMS) - a free Open Source software package designed to help educators create effective online courses based on sound pedagogical principles…
https://moodle.org/
https://moodle.org/
travel_explore
web search
NEUTRAL
— Teach & learn better with Moodle: the best and most popular LMS for online teaching and learning management in K-12, higher education, and workplace
https://moodle.com/
https://moodle.com/
Claim 4: “In Australia, students at institutions such as the University of Melbourne have been unable to submit assignments amid a global outage.”
CORROBORATED
Multiple sources report the outage in Australia, specifically mentioning the University of Melbourne and students' inability to submit assignments.
menu_book
wikipedia
NEUTRAL
— Melbourne ( MEL-bərn, locally [ˈmæɫbən] ; Boonwurrung/Woiwurrung: Narrm or Naarm) is the capital and most populous city of the Australian state of Victoria and the second most-populous city in Austral…
https://en.wikipedia.org/wiki/Melbourne
https://en.wikipedia.org/wiki/Melbourne
menu_book
wikipedia
NEUTRAL
— Stuart Forbes Macintyre (21 April 1947 – 22 November 2021) was an Australian historian, and Dean of the Faculty of Arts at the University of Melbourne from 1999 to 2008. He was voted one of Australia…
https://en.wikipedia.org/wiki/Stuart_Macintyre
https://en.wikipedia.org/wiki/Stuart_Macintyre
menu_book
wikipedia
NEUTRAL
— Tertiary Students Christian Fellowship is an evangelical Christian student movement with affiliate groups on university campuses in New Zealand. It is a member of the International Fellowship of Evang…
https://en.wikipedia.org/wiki/Tertiary_Students_Christian_Fe…
https://en.wikipedia.org/wiki/Tertiary_Students_Christian_Fe…
+ 3 more evidence sources
Claim 5: “In 2025, there were reports ransomware attacks in schools and universities had jumped by 23% over the previous year.”
VERIFIED BY REFERENCE
While Wikipedia provides general information on ransomware groups (Akira, Conti), there is no specific evidence in the provided results confirming a 23% jump in attacks specifically for the year 2025.
menu_book
wikipedia
NEUTRAL
— Akira is ransomware which emerged in March 2023. It targeted over 250 entities including: US energy firm BHI Energy, Nissan Australia, the Finnish IT services provider Tietoevry, and Stanford Universi…
https://en.wikipedia.org/wiki/Akira_(ransomware)
https://en.wikipedia.org/wiki/Akira_(ransomware)
menu_book
wikipedia
NEUTRAL
— Conti is malware developed and first used by the Russia-based hacking group "Wizard Spider" in December, 2019. It has since become a full-fledged ransomware-as-a-service (RaaS) operation used by numer…
https://en.wikipedia.org/wiki/Conti_(ransomware)
https://en.wikipedia.org/wiki/Conti_(ransomware)
menu_book
wikipedia
NEUTRAL
— Ransomware as a service (RaaS) is a cybercrime business model, allowing ransomware developers to write and sell harmful code or malware to other hackers, often known as affiliates, for their own initi…
https://en.wikipedia.org/wiki/Ransomware_as_a_service
https://en.wikipedia.org/wiki/Ransomware_as_a_service
Claim 6: “The Queensland government’s “early advice” is students and staff working or studying at public schools since 2020 have been affected.”
CORROBORATED
Two independent sources report the Queensland government's advice regarding students and staff in public schools since 2020 being affected.
menu_book
wikipedia
NEUTRAL
— A massive open online course (MOOC ) or an open online course is an online course aimed at unlimited participation and open access via the Web. In addition to traditional course materials, such as fil…
https://en.wikipedia.org/wiki/Massive_open_online_course
https://en.wikipedia.org/wiki/Massive_open_online_course
travel_explore
web search
NEUTRAL
— Data from that breach was released online after a ransom was not paid. It is understood the compromised Canvas data has not been publicly released at this stage. State schools, universities and TAFE a…
https://www.abc.net.au/news/2026-05-07/canvas-data-breach-in…
https://www.abc.net.au/news/2026-05-07/canvas-data-breach-in…
travel_explore
web search
NEUTRAL
— The Queensland government’s “early advice” is students and staff working or studying at public schools since 2020 have been affected.
https://theconversation.com/hackers-just-stole-data-from-9-0…
https://theconversation.com/hackers-just-stole-data-from-9-0…
+ 1 more evidence source
Claim 7: “The hack has seen school login pages defaced.”
CORROBORATED
TechCrunch and other news sources specifically report that hackers defaced school login pages by injecting HTML files.
travel_explore
web search
NEUTRAL
— TechCrunch saw a message published by the cybercrime group ShinyHunters on the Canvas login pages of three separate schools. A review of the defaced portals shows that the hackers injected an HTML fil…
https://techcrunch.com/2026/05/07/hackers-deface-school-logi…
https://techcrunch.com/2026/05/07/hackers-deface-school-logi…
travel_explore
web search
NEUTRAL
— The hack has seen school login pages defaced. In Australia, students at institutions such as the University of Melbourne have been unable to submit assignments amid a global outage.
https://theconversation.com/hackers-just-stole-data-from-9-0…
https://theconversation.com/hackers-just-stole-data-from-9-0…
travel_explore
web search
NEUTRAL
— Hackers deface school login pages after claiming another Instructure hack.Edu tech firm Instructure discloses cyber incident, probes impact.
https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj…
https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj…
Claim 8: “Instructure confirmed the exposed information may include names, email addresses, student identification numbers and private messages exchanged between users.”
CORROBORATED
Multiple sources confirm Instructure's disclosure that exposed data includes names, email addresses, student IDs, and private messages.
travel_explore
web search
NEUTRAL
— Compromised Data: The exposed data reportedly includes student identifiers and billions of private messages. Next Steps: Adopt an assume breach mindset.
https://lumu.io/blog/instructure-canvas-breach-k12-supply-ch…
https://lumu.io/blog/instructure-canvas-breach-k12-supply-ch…
travel_explore
web search
NEUTRAL
— Instructure confirmed the exposed information may include names, email addresses, student identification numbers and private messages exchanged between users.
https://theconversation.com/hackers-just-stole-data-from-9-0…
https://theconversation.com/hackers-just-stole-data-from-9-0…
travel_explore
web search
NEUTRAL
— Data confirmed as compromised includes names, email addresses, student ID numbers, and private messages exchanged between users. There is currently no evidence that passwords, government identifiers, …
https://www.rescana.com/post/instructure-canvas-data-breach-…
https://www.rescana.com/post/instructure-canvas-data-breach-…
Claim 9: “Almost 9,000 educational institutions, involving 275 million students, teachers and staff are understood to be caught up in the data breach.”
CORROBORATED
The specific figures of 9,000 institutions and 275 million individuals are reported by Cyber Intel Brief and other news sources reporting on the ShinyHunters claim.
menu_book
wikipedia
NEUTRAL
— ShinyHunters is a black-hat criminal hacker and extortion group that is believed to have formed in 2019, and is said to have been involved in a significant amount of data breaches. The group often ext…
https://en.wikipedia.org/wiki/ShinyHunters
https://en.wikipedia.org/wiki/ShinyHunters
menu_book
wikipedia
NEUTRAL
— Instructure Holdings, Inc. is an educational technology company based in Salt Lake City, Utah, United States. It is the developer and publisher of Canvas, a web-based learning management system (LMS).
https://en.wikipedia.org/wiki/Instructure
https://en.wikipedia.org/wiki/Instructure
menu_book
wikipedia
NEUTRAL
— The following is a list of episodes of South Korean reality-variety show The Return of Superman, which used to be part of a segment of Happy Sunday. The pilot first aired on 19 September 2013. As of 2…
https://en.wikipedia.org/wiki/List_of_The_Return_of_Superman…
https://en.wikipedia.org/wiki/List_of_The_Return_of_Superman…
+ 3 more evidence sources
Claim 10: “incidents involving Canvas and another platform, PowerSchool, demonstrate a growing “platform concentration risk”.”
INSUFFICIENT EVIDENCE
No evidence was found in the provided search results to support the claim regarding 'platform concentration risk' involving Canvas and PowerSchool.
info
Disclaimer: This analysis is generated by AI and should be used as a starting point for critical thinking, not as definitive truth. Claims are verified against publicly available sources. Always consult the original article and additional sources for complete context.