House Panel Investigates 2 Canvas Breaches, Demands Instructure Briefing by May 21
Updated
Updated · POLITICO · May 11
House Panel Investigates 2 Canvas Breaches, Demands Instructure Briefing by May 21
12 articles · Updated · POLITICO · May 11
Andrew Garbarino and the House Homeland Security Committee opened an investigation into Instructure after two recent breaches of its Canvas learning platform, saying the incidents raise questions about the company’s response and security obligations.
ShinyHunters claimed a second breach late last week after Instructure refused to negotiate a ransom tied to an initial attack, and the company shut down Canvas for several hours, disrupting universities and K-12 schools across the U.S.
By May 21, Garbarino wants Instructure officials to brief lawmakers on how both breaches happened, what they are doing to contain the threat, how affected institutions are being notified, and how they are working with CISA and law enforcement.
The case adds to broader concern about cyber weaknesses in education technology, with Canvas hosting tests, readings and other core teaching materials for schools nationwide.
As ransomware gangs cripple schools and hospitals, is the private sector losing the war against organized cybercrime?
With hackers turning smart devices into spy networks, how can nations defend against attacks originating from within their own homes?
As Chinese labs steal U.S. AI models, are we entering a new Cold War fought with algorithms instead of arms?
275 Million Records Exposed: Congressional Scrutiny and Systemic Failures in the 2026 Instructure Canvas Data Breaches
Overview
Between April and May 2026, Instructure’s Canvas platform suffered a series of major cyberattacks by ShinyHunters, exposing sensitive data from millions of users and disrupting operations at thousands of educational institutions. Despite initial claims that the breach was contained, attackers repeatedly accessed the system, highlighting deep security weaknesses in centralized, cloud-based learning management systems. The outages came at a critical time for schools, causing widespread concern and urgent warnings to users. These incidents revealed systemic vulnerabilities in educational technology, prompting congressional scrutiny and calls for stronger data protection, better oversight, and new policy measures to safeguard student and faculty information.