A backend compromise of the Instructure Canvas platform by threat actor SHADOW-AETHER-015 has exposed sensitive data from 8,809 educational institutions across 50 countries, including all eight Ivy League universities.

Key Points

• The breach affects 8,809 institutions, including 2,514 higher education entities and 1,616 K–12 school districts.
• Compromised data includes sensitive personal disclosures, such as medical accommodation requests and private advisor communications.
• Impacted regions span 50 countries, with 94.6% of affected institutions located in the United States.
• Threat actor SHADOW-AETHER-015 likely gained access through backend infrastructure or sophisticated API exploitation.
• Institutions are advised to re-authorize API integrations, enforce multi-factor authentication, and prepare for targeted spear-phishing campaigns.

Why it Matters

This breach poses a severe risk because the stolen data allows attackers to craft highly convincing, context-aware phishing messages that appear to originate from legitimate academic sources. The exposure of sensitive personal and medical information necessitates urgent compliance reviews regarding FERPA, COPPA, and HIPAA regulations across the affected global education and healthcare sectors.