โ† Back to Stories

Global Canvas data breach affects Australian education institutions

3 hours ago4 articles from 2 sources

Consensus Summary

A global data breach of the Canvas learning management system, developed by Instructure, has compromised sensitive information from tens of thousands of Australian students and staff, including those in Queensland state schools, TasTAFE, Flinders University, and the University of Melbourne. The breach, confirmed on May 2, 2026, potentially affects over 200 million people worldwide across more than 9,000 institutions. Compromised data includes names, email addresses, student IDs, and messages, but no evidence suggests passwords, dates of birth, financial information, or government identifiers were accessed. Instructure stated the incident was contained, though the hacking group ShinyHunters claimed responsibility. Australian education authorities are coordinating responses, with Queensland prioritizing support for families with known domestic violence or child safety concerns. While the breach has not been publicly released, institutions are investigating impacts and notifying affected individuals.

โœ“ Verified by 2+ sources

Key details reported by multiple sources:

  • The breach affected the Canvas learning management system, developed by American company Instructure, which is used by thousands of education providers worldwide, including Australian universities, TAFE, and state schools.
  • Tens of thousands of Queensland students and teachers studying or working at Queensland state schools since 2020 were affected by the breach.
  • The compromised data includes names, email addresses, student ID numbers, and messages between users, but no evidence of passwords, dates of birth, government identifiers, or financial information being accessed.
  • Instructure confirmed the breach was perpetrated by a criminal threat actor and stated that the incident was contained, with no ongoing unauthorized activity.
  • TasTAFE confirmed that some of its students' data, including messages, was compromised by a criminal third party.
  • The breach impacted more than 9,000 institutions worldwide, potentially affecting over 200 million people globally.
  • The breach occurred on Saturday, May 2, 2026 (Australian time).
  • Queensland Education Minister John-Paul Langbroek stated that school principals were contacting families and teachers about the breach, and the department was providing priority support to families with known family and domestic violence or child safety concerns.
  • Flinders University in Adelaide confirmed that student and staff data within the Canvas platform 'may have been impacted'.
  • The University of Melbourne was notified of the cyber incident and is working with Instructure to confirm and respond to any impacts.

Points of Difference

Details reported by only one source:

ABC News
  • Notorious hacking group ShinyHunters claimed responsibility for the breach, having previously claimed responsibility for hacking Rockstar Games.
  • The federal government's National Office of Cyber Security is coordinating a response to the breach.
  • The compromised Canvas data has not been publicly released at this stage.
  • Tasmania's Department of Education confirmed state schools used the Canvas platform to track learning between staff and students and that it had been notified about the breach, though the specific impact is still under investigation.
  • A New South Wales Department of Education spokesperson said they were working to determine if any NSW schools had been impacted, noting that schools using the departmental sign-on do not have their passwords stored with Canvas, so there is no risk of credential exposure in those cases.
News.com.au
  • Instructure claimed the matter was resolved and posted on its website that Canvas is fully operational with no ongoing unauthorized activity.

Contradictions

Conflicting information between sources:

  • Article 1 and Article 3 state that the breach impacted Queensland students and staff since 2020, but Article 4 does not specify a timeframe for the impact on TasTAFE or other institutions.
  • Article 1 mentions that the hackers were demanding a ransom, but this detail is not confirmed in Article 2 or Article 3.

Source Articles

ABC

Major data breach sees student details compromised

Education institutions around the country are scrambling to respond to a global data breach that's affected Australian universities, TAFE and state schools in Queensland.

6 hours ago
NEWSCOMAU

Major data breach rocks Aussie schools, unis

A major cybersecurity breach has compromised the personal data of tens of thousands of Australian students across schools and universities โ€“ leaving institutions scrambling.

4 hours ago
ABC

Breaking: Tens of thousands of Qld students affected in education software breach

Tens of thousands of Queensland students and teachers have been caught up in a major data breach, with names, school locations, and emails likely compromised.

8 hours ago
ABC

'Personal information' of Australian students potentially stolen in Canvas data hack

The international learning management software Canvas, used by various universities and schools, was hacked on Saturday. One of the facilities impacted says some of its data has been accessed by a "criminal third party".

Yesterday