Data Breach Roundup (May 1 - May 7, 2026)

Instructure confirms data breach, ShinyHunters claims attack

Instructure is an ed-tech giant best known for Canvas, a "learning management" system used by schools at all levels to help manage coursework, assignments, and online learning. Attackers claim to have taken over 240 million records tied to students, teachers, and staff containing names, email addresses, enrolled courses, and private messages. If true, evidence suggests the dataset spans 15,000 institutions in North America, Europe, and Asia. At this time little else has been said, but attackers have also been causing downtime on the platform itself, disrupting students as finals are right around the corner.

Trellix discloses data breach after source code repository hack

Trellix is a cybersecurity firm formed after the 2021 merger of McAfee and FireEye. Trellix has disclosed that some source code was accessed, but has not confirmed if attackers had stolen any customer data or sent a ransom demand.

Vimeo data breach exposes personal information of 119,000 people

A small update to a story from last week. While Vimeo still hasn't officially confirmed how many victims this attack impacted, Have I Been Pwned says it uploaded the email addresses of 119,200 people. Vimeo says that credentials and financial information were not impacted.

Instructure confirms data breach, ShinyHunters claims attack

Trellix discloses data breach after source code repository hack

Vimeo data breach exposes personal information of 119,000 people

Community Discussion