In the Scam of the day for May 9, 2026, I told you about the data breach at the educational technology company Instructure, which makes the hugely popular learning management system Canvas.  Canvas is used by school districts and universities around the world.  As many as 275 million records of its users were compromised.  The notorious ransomware gang ShinyHunters claimed responsibility for the data breach and publicly shared a list of 8,809 school districts, universities and online education platforms from which they claimed to have information.  Fortunately, the data breach did not appear to have included passwords, dates of birth or financial information such as credit card data.

ShinyHunters is known for using the psychological tactic of social engineering to gain entry to its target companies’ computers rather than hacking into them.  They then demand a ransom or threaten to disclose all of the stolen information to other criminals to use.  In this case, ShinyHunters even carried out a second data breach to pressure Instructure to pay the demanded ransom, which the company has now confirmed that it has done.  In return for the ransom payment, ShinyHunters has indicated that it has returned the stolen data and destroyed its copies of it.  ShinyHunters has also promised not to use the data for further extortion.  Whether they can be trusted not to do so is an open question.  Certainly it would hurt their future ransomware attacks if they were found not to adhere to their bargains.  However, in a similar data breach of PowerSchool in 2024, the data from the breach was later used by other cybercriminals after a ransom had been paid.

TIPS

Even though it appears that passwords were not compromised, it would be prudent for anyone affected by the data breach to change their password.  You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, your other accounts will not be in danger.

If you have not already done so, set up dual factor authentication for each of your accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.

Finally, and most importantly, the threat of other scammers using this data breach as a basis for other scams is still present.  Be wary of calls, emails or text messages that appear to be related to the data breach, particularly communications asking for personal information in regard to data breaches, as that is a favorite tactic of hackers to lure you into providing personal information that can lead to your becoming a victim of identity theft.  Scammers often pose as the breached company and contact victims of the data breach to convince them to provide personal information.  As always, don’t click on any links in emails or text messages related to the data breach, which may be from scammers.  Instead, go to your school’s Canvas account directly or to your school’s website for information you can trust.
