Algo v0.31
Substrate
technology

House Committee Demands Instructure Testimony on Canvas Data Breaches

U.S. House Homeland Security Committee lawmakers are seeking testimony from Instructure after hackers breached the education technology company's systems twice and stole personal data from millions of students. The committee cited repeated use of the same vulnerability and questioned the company's response and coordination with federal authorities.

TechCrunch
itsecuritynews.info
2 sources·May 13, 2:32 PM(16 days ago)·1m read
House Committee Demands Instructure Testimony on Canvas Data Breachesibtimes.com
Audio version
Tap play to generate a narrated version.
Developing·Limited corroboration so far. This page will refresh as more sources emerge.

U.S. House lawmakers are demanding that representatives from Instructure testify about the company's response to two cyberattacks that allowed hackers to steal personal data from millions of students worldwide. The House Homeland Security Committee is investigating the incidents, citing its jurisdiction over government activities relating to homeland security.

The committee's chair wrote in a letter to the company that the panel seeks details on how hackers broke into Instructure's systems on both occasions, the types of data taken, the company's response to the attacks, and its process for notifying affected schools.

The letter also asks about the adequacy of Instructure's coordination with the U.S. cybersecurity agency CISA, which has been called in to help with the incident. The committee cited reporting by TechCrunch in its letter. Instructure makes the Canvas school information portal software used by educational institutions.

The company faced criticism after it acknowledged that the hackers used the same vulnerability to steal sensitive student data and later deface school login pages.

This week Instructure confirmed it reached an agreement with the hackers. The company stated that the hackers provided evidence they had deleted the stolen data. A representative for the ShinyHunters hackers told TechCrunch that the group would not continue to extort the company or its customers. The representative declined to say how much the company had paid as ransom.

The committee chair stated that the second breach by the same hackers raises serious questions about the company's incident response capabilities and its obligations to the institutions and individuals whose data it holds. The letter described the scale and timing of the breaches, along with the company's inability to contain the threat actor after the initial intrusion, as systemic vulnerabilities the committee has a responsibility to examine.

Instructure has not said whether it will respond to the letter or provide testimony. A company spokesperson did not respond to a request for comment.

Key Facts

Two breaches
same vulnerability used twice by hackers
Millions of students
personal data stolen from users worldwide
House Homeland Security Committee
demands company testimony on response and coordination
CISA involved
U.S. cybersecurity agency called in to assist
Agreement reached
with ShinyHunters hackers on data deletion
cybersecuritydata-breacheducation-technologycanvascongressional-oversightdhs

Story Timeline

4 events
  1. May 2026

    House Homeland Security Committee sends letter demanding Instructure testimony on breaches.

    1 sourceTechCrunch
  2. This week

    Instructure confirms it reached an agreement with the hackers who provided deletion evidence.

    1 sourceTechCrunch
  3. Prior weeks

    Hackers used same vulnerability for second breach and defaced school login pages.

    1 sourceTechCrunch
  4. Earlier 2026

    Initial hack allowed theft of personal data from millions of students worldwide.

    1 sourceTechCrunch

Potential Impact

  1. 01

    Schools and students affected by the breaches may receive formal notifications from Instructure.

  2. 02

    Instructure may be required to appear before Congress to detail its cybersecurity practices.

  3. 03

    Educational institutions using Canvas could review or change their data protection policies.

  4. 04

    The committee's examination may lead to broader oversight of education technology vendors.

Transparency Panel

Sources cross-referenced2
Confidence score75%
Synthesized bySubstrate AI
Word count324 words
PublishedMay 13, 2026, 2:32 PM
Bias signals removed4 across 2 outlets
Signal Breakdown
Amplifying 1Framing 1Speculative 1Loaded 1
Original Sources
TechCrunchUS lawmakers demand answers from Instructure after Canvas data breachesitsecuritynews.infoUS lawmakers demand answers from Instructure after Canvas data breachesvia search

Related Stories

World Urban Forum 2026 Draws 57,000 Participants from 176 CountriesEuronews
technology4 hrs agoDeveloping

World Urban Forum 2026 Draws 57,000 Participants from 176 Countries

The 13th World Urban Forum concluded with discussions on housing, climate resilience and urban governance. Organisers reported that the sessions informed future strategic priorities.

Euronews
1 source
Trump Mobile website still lists T1 phone as American-madetheverge.com
technology4 hrs agoDeveloping

Trump Mobile website still lists T1 phone as American-made

The product page for the T1 phone continues to describe the device as American-made. The Verge reported that the site may conflict with FTC advertising rules. The phone was announced in June 2025.

The Verge
1 source
EU Discusses Readiness for Artificial Intelligence ChangesFrance 24
ai4 hrs agoDeveloping

EU Discusses Readiness for Artificial Intelligence Changes

A France 24 program examined whether European Union policies can address the effects of artificial intelligence. The discussion covered potential impacts across daily life and economic sectors.

France 24
1 source