/s3/static.nrc.nl/wp-content/uploads/2026/05/07192235/070526VER_2033589800_bardella.jpg)
/s3/static.nrc.nl/wp-content/uploads/2026/05/07102435/070526BIN_2033553804_.jpg)
Canvas Hack Exposes Millions of Student Records Globally
Translated from Dutch, summarized and contextualized by DistantNews.
TLDR
- Hackers collective Shinyhunters claims to have stolen data from 275 million students across approximately 9,000 educational institutions worldwide.
- The stolen data includes names, email addresses, student numbers, and correspondence, though the educational software company Instructure states sensitive personal data like passwords and birth dates were not compromised.
- Security researchers suspect the majority of the data is not sensitive, but the extent and impact of the breach are still being assessed by affected institutions, which are advising students to be vigilant against phishing attempts.
The recent hack targeting the educational software Canvas, perpetrated by the group Shinyhunters, represents a significant data breach with global implications. While the collective claims to have exfiltrated data from millions of students across thousands of institutions, including numerous Dutch ones, the true sensitivity of the information remains a subject of concern and investigation.
wel even slikken
Security experts, like Sijmen Ruwhof, acknowledge the sheer scale of the breach, describing it as "supergigantic" and one of the largest globally. However, Ruwhof's initial assessment suggests that much of the stolen data, such as names and email addresses, may not be highly sensitive. This is attributed to the nature of educational systems, which typically do not store the most critical personal information. Nevertheless, the mention of "billions" of messages and the possibility of more serious implications from correspondence cannot be entirely dismissed.
supergigantisch
Educational institutions affected by the breach are currently grappling with the immediate aftermath. They are in the process of informing students, assessing the full scope of the incident, and reporting to relevant authorities. The University of Amsterdam, Tilburg University, and Avans Hogeschool are among those named as potential victims. The uncertainty surrounding the exact nature and volume of compromised data understandably causes "concern" among students and staff. As a precautionary measure, institutions are advising their communities to remain vigilant against potential phishing scams that could exploit the leaked information.
een van de grootste wereldwijd
This incident, reminiscent of the Odido hack, underscores the persistent threat of cyberattacks on critical infrastructure, even within the education sector. While the immediate focus is on damage control and student notification, the long-term implications for data security in educational technology will undoubtedly be a significant point of discussion and require robust preventative measures.
Mijn vermoeden is dat de gegevens voor het overgrote deel niet gevoelig zijn omdat het een schoolsysteem is.
DistantNews Editorial
Originally published by NRC Handelsblad in Dutch. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.
More Stories
From Our Blog
What Gets Lost (and Found) When News Is Translated
The Critical Role of Diaspora Media in Global News
What Travellers Should Know About Countries with Restricted Press
A Digital Nomad's Guide to Following Local News
How the Same Story Looks Different in Different Countries
