US lawmakers demand answers from Instructure after Canvas data breaches

U.S. House lawmakers have initiated an inquiry into Instructure, the educational technology provider behind the popular Canvas learning management system, following revelations of two distinct data breaches¹. Congressional representatives are demanding comprehensive explanations regarding how malicious actors managed to repeatedly infiltrate Instructure's systems, leading to the exfiltration of extensive student data. The incidents specifically targeted Canvas, the company's flagship platform, which serves as a central repository for academic and personal information for millions of students globally. Lawmakers are seeking detailed information on the nature of the vulnerabilities exploited, the scope of the compromised data, and Instructure's response and remediation efforts. This legislative push reflects heightened scrutiny on data security practices within the ed-tech industry, particularly concerning platforms that handle sensitive student records. For cybersecurity practitioners, this case underscores the persistent challenges in securing critical infrastructure within education and the imperative for continuous vigilance against sophisticated threats impacting third-party vendors.