EdTech Software Suppliers Become the New Target for Cyber Attackers

Education is witnessing a notable shift in the cyber threat landscape in which attackers are bypassing individual schools in favor of software providers that support modern digital learning.
Over the last several years, education technology (EdTech) vendors, including providers of learning management systems (LMS), student information platforms, and cloud-based academic services, have emerged as valuable supply chain targets.

Through a single compromise, threat actors can gain access to hundreds or thousands of educational institutions across a wide range of industries.
The recent attacks on Instructure's Canvas platform, which disrupted online examinations, and the large-scale security breach of PowerSchool, which exposed sensitive student data, underscore how cybercriminals are evolving their tactics to maximize operational disruption, data theft, and financial leverage by striking the technology ecosystem instead of the end users.
With increased reliance on cloud-native educational infrastructure, the sector has also become increasingly exposed to attacks by financially motivated threat actors. Recent activity attributed to groups such as ShinyHunters and FulcrumSec indicates this shift toward more targeted and technically sophisticated attacks against the EdTech sector.
The ShinyHunters hacking collective has been reported to have compromised learning platforms serving educational institutions around the world, allegedly stealing millions of records containing names, email addresses, physical addresses, and other personally identifiable information (PII) from them. 
Several security assessments have linked these compromises to weaknesses such as insufficiently protected API endpoints and exposed cloud databases, which frequently appear when rapidly expanding EdTech providers prioritize scalability over mature security controls.
Data exposed on dark web marketplaces has increased the risks of phishing, credential abuse, identity theft, and follow-on attacks, reinforcing concerns that the adoption of student information systems, learning management systems, and other cloud-based academic platforms outpaces the establishment of robust cybersecurity governance within the education technology supply chain. 
In March of 2026, ShinyHunters allegedly compromised the widely used Infinite Campus Student Information System (SIS) and exfiltrated personally identifiable information from more than 137,000 school staff accounts through a Salesforce-related data theft incident. The campaign has continued to expand in scope throughout 2026.
Considering Infinite Campus’ extensive footprint in the U.S. education sector, the breach has broader implications for the organization. Infinite Campus supports approximately 3,200 school districts and manages records for approximately 11 million students from 46 different states. As of June 16, 2026, ShinyHunters also identified Glendale Community College, Moody Bible Institute, Illinois Central College, and Houston City College as its latest victims. 
The growing victim list illustrates a deliberate strategy of targeting centralized education platforms that can affect multiple institutions at once, rather than conducting isolated attacks against individual campuses.
There has been a parallel escalation in the ransomware ecosystem where FulcrumSec has claimed responsibili

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
