US House Panel Launches Formal Investigation Into Instructure Over Massive Canvas Data Breach

A congressional panel has initiated a formal investigation into Instructure Holdings following allegations that the company's Canvas learning management system suffered a significant cyberattack. The probe centers on claims by threat actors that approximately 280 million data records were exfiltrated from nearly 9,000 schools and online education platforms. The US House committee is seeking detailed briefings and documentation from the company as it escalates scrutiny over the incident.

The breach reportedly disrupted operations at educational institutions during a critical period, with schools experiencing difficulties during final examinations. Instructure, which provides the widely-used Canvas platform to academic institutions, has not publicly confirmed the full scope of the incident. However, the scale of the claimed breach, attributed by threat actors to the ShinyHunters group, positions this as one of the larger attacks targeting the education technology sector in recent years.

The investigation raises pressure on Instructure to demonstrate transparency regarding its security posture and incident response timeline. Educational institutions relying on Canvas are now confronting questions about the protection of student and faculty data. The congressional probe signals heightened regulatory attention on EdTech vendors and their obligations to safeguard sensitive institutional information.