Educational company Infrastructure reports cyber incident

A cyber incident disrupted operations this weekend at Infrastructure, the educational company behind popular learning tool Canvas. 

The company initially reported a cybersecurity incident conducted by cybercriminals on Friday night, warning customers that an investigation was commenced to understand the extent of the attack. 

By Saturday, Infrastructure’s chief information security officer Steve Proud confirmed that the hackers gained access to information about users at some educational institutions, including names, email addresses, student ID numbers and messages between users. 

Proud said the incident was contained with the help of cybersecurity experts. The containment effort included revoking privileged credentials and access tokens, deploying patches and more. Some of these measures disrupted tools used by customers. 

He added that no financial information, passwords or government documents were stolen. 

Infrastructure is best known for Canvas, a popular learning management system used by dozens of schools, universities and businesses to create and deliver educational courses. The platform is used widely by teachers to host content, grade assignments and more. 

The attack was claimed by the ShinyHunters group on Sunday afternoon. The cybercriminal gang said it stole 3.6 TB of data that included information from more than 9,000 schools. Infrastructure did not respond to requests for comment about the claims. 

The Utah-based company was previously targeted by ShinyHunters during a run of attacks in September. The group has executed multiple attack campaigns targeting data storage platforms over the last two years, allowing them to extort several high-profile institutions. 

The most recent string of attacks over the last month include incidents involving home security company ADT, educational company McGraw Hill and gaming giant Rockstar. 

The group previously targeted schools like Harvard and the University of Pennsylvania during breaches in the fall.

Hackers have repeatedly stolen educational data from large third-party companies like Infrastructure. In January 2025, education software company PowerSchool announced a hack which exposed sensitive student and teacher data, including special education status, mental health details, disciplinary notes and parent restraining orders.

The hacker obtained data belonging to 62 million students and 9.5 million teachers. The company is facing multiple lawsuits for the allegedly weak cybersecurity practices that led to that breach, including a failure to use multifactor authentication. In February, Powerschool settled at least one class action lawsuit for $17.25 million.