
Work Here?
Instructure provides education technology tools, mainly a learning management system called Canvas, which teachers use to create, organize, and deliver course content. It operates on a subscription model where schools, colleges, and corporate training programs pay for access and additional services. Canvas lets educators share materials, assign work, grade, and communicate with students through a centralized online platform. Compared to others in EdTech, Instructure targets a wide range of customers—from K-12 and higher education to corporate training—offering a scalable LMS with multi-institution support and extensive user reach. The company aims to improve teaching effectiveness and student outcomes by making teaching tools easier to use and by broadening access to learning resources across millions of users.
Industries
Enterprise Software
Education
Company Size
1,001-5,000
Company Stage
IPO
Headquarters
Cottonwood Heights, Utah
Founded
2008
People at Instructure who can refer or advise you
Help us improve and share your feedback! Did you find this helpful?
Total Funding
$2.2B
Above
Industry Average
Funded Over
7 Rounds
Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Disability Insurance
Health Savings Account/Flexible Spending Account
Unlimited Paid Time Off
Flexible Work Hours
Paid Vacation
Paid Holidays
401(k) Retirement Plan
401(k) Company Match
Tuition Reimbursement
Lifestyle Spending Account
Motivosity - employee recognition program
Colleges hit in cyberattack by group behind Canvas breach, Google says. The cybercrime group ShinyHunters targeted Oracle's PeopleSoft software and may have gained access to data at more than 100 organizations, according to a Thursday report. Published June 12, 2026 Dive brief: * Dozens of higher education institutions may have been hit by another attack from the cybercrime group behind the May hack against Canvas, according to the Google Threat Intelligence Group and cybersecurity firm Mandiant. * From May 27 and June 9, the group ShinyHunters potentially gained access to the systems of over 100 organizations by targeting the Oracle PeopleSoft software suite. A majority of them are based in the U.S., and 68% are within the higher education sector, GTIG and Mandiant said in a post Thursday. * ShinyHunters twice gained unauthorized access to Instructure's Canvas learning management system last month, disrupting final exam season at colleges nationwide. Dive insight: Oracle's PeopleSoft is a wide-ranging software suite that organizations often use for human resources management and financial operations. GTIG and Mandiant, both of which are Google units, said several institutions targeted by ShinyHunters successfully blocked the hack or fixed the vulnerabilities in Oracle's software. But others had their data stolen and published on the group's website. The University of Nottingham, in England, confirmed the following day it had suffered a cybersecurity breach during which a threat actor accessed "a significant amount of data in our student record system." In an email to students, the university said it was still working to assess which data had been accessed. But it was "operating on the precautionary assumption" that the breach included names, email addresses, university IDs and students' course information, as well as some financial and insurance information, according to a copy of the email published by Politics UK. ShinyHunters has claimed credit for the hack. Some of the breached organizations have since received extortion demands, according to tech website Bleeping Computer. On June 10, Oracle released a security alert about the vulnerability ShinyHunters exploited, but the company did not confirm if any of its software users had already been breached. Oracle did not immediately respond to questions Friday. Colleges are a prime target for cybercriminals, both because they hold vast troves of student and employee data and because their systems typically have a massive number of users that turn over regularly. In the Oracle and Instructure hacks, ShinyHunters gained access to data through system vulnerabilities at companies with whom colleges contracted - another big risk facing higher education. The Canvas breaches affected hundreds of institutions and exposed personal information such as users' names, email addresses, student ID numbers and messages, ShinyHunters alleged. The hack came at the tail end of the spring semester and forced many colleges to take Canvas offline amid finals and grading. ShinyHunters set a May 12 deadline for Instructure to reach an agreement with the group or risk the data being leaked. The day before the deadline, Instructure announced it struck a deal to have the stolen data returned. According to cybersecurity experts, the company's deal appears to involve a ransomware payment, against the guidance of the FBI. Instructure CEO Steve Daly later acknowledged the "enormous" effects the abrupt loss of Canvas access had on colleges and K-12 schools. The goal moving forward is "to develop a clear playbook for how we collectively secure our environments and, should something happen that affects system availability, have a redundant ecosystem that our community can rely on," he said in a May 26 statement.
CanvasLMS FFT discontinued, now what? Your Immediate Hybrid LMS Playbook If your school or training program relied on the Canvas Free for Teacher (FFT) edition to run your hybrid courses, you likely woke up recently to a major headache. Instructure has officially shuttered the old free tier following a series of security vulnerabilities, leaving thousands of independent instructors and small medical training programs scrambling without an active Learning Management System (LMS). Canvas has promised an "enhanced product" designed specifically for former FFT users, aiming for a launch sometime this fall. While that is great news for the future, it doesn't help the healthcare or career tech instructor who has students enrolled and an upcoming cohort starting right now. You can't pause your classes to wait for the fall. If you need a backup plan immediately, you have a few realistic options to pivot to today. Here is how they stack up across price, tech requirements, ease of use, features, look and feel, and realistic course construction time. Interactive Tool: Find Your LMS Match To help you decide which path fits your immediate timeline, use its interactive priority selector below. Adjust your institution's priorities - whether you value a zero-dollar budget, advanced tracking, or absolute ease of use - to see which platform matches your situation best. Interactive selector: Find Your LMS Match. Adjust the priority sliders below based on your school's unique resources and requirements to instantly see your top-matched platform. Budget / Price Sensitivity Balanced Flexible Budget Zero Dollar Cost Available Tech Bandwidth Moderate Admin No Code / Non-Tech Server Admin Level Course Construction Speed Moderate (1-2 Days) Can Take a Week Must Start Today Feature Depth Needed Standard Grading Basic Dashboard Advanced Grading & Logs Your best alternative options. TutorLMS (WordPress) Build Time: 8-12 Hours | Cost: Free to $199/yr 100% Match MoodleCloud (Hosted) Build Time: 10-15 Hours | Cost: $100-$1000+/yr Moodle Self-Hosted Build Time: 15-20+ Hours | Cost: Server Hosting Only Google Classroom Build Time: 2-4 Hours | Cost: 100% Free Detailed Breakdown: Pros, Cons, & Build Times To keep its estimates standardized, its Course Construction Time metrics are calculated using a baseline course format: A rigorous 6-week hybrid program mapped entirely to a standard textbook (such as Hartman's Nursing Assistant: The Basics), covering all chapters, setting up gradebooks, and hand-building 10 separate LMS tests/quizzes. 1. Google Classroom (The "Emergency Shortcut") Google Classroom behaves less like a heavy academic LMS and more like a streamlined communication and assignment tracker. * Price: 100% Free. * Technical Skill: None. If you can use Google Drive, you can use this. * Ease of Use: Extremely high for instructors and students alike. * Features: Basic. Grading is functional but lacks complex weighted categories. Attendance must be recorded manually via a spreadsheet or Google Forms. * Look & Feel: Clean and modern, but completely un-customizable. * Integrations: Deeply tied to Google Docs, Slides, and Meet. It lacks native support for deep third-party LTI tools compared to Canvas. * Course Construction Time (6-Week/10-Test Baseline): 2 to 4 Hours. Because building an assignment or quiz simply involves linking a Google Form or Doc, you can move your entire Hartman's curriculum and all 10 tests over in a single afternoon. The Verdict: Best for a rapid, zero-budget emergency transition if your hybrid course doesn't require automated attendance blocks or advanced grade weighting. 2. TutorLMS (The "Branded Academy") TutorLMS is a specialized WordPress plugin. If your training school already uses WordPress for your main public website, this turns a subset of your site into an online student portal. * Price: Free core tier; professional extensions require a premium license. You must also account for your existing web hosting fees. * Technical Skill: Moderate. Requires knowledge of plugin management and basic WordPress administration. * Ease of Use: High for building out visual lessons, though backend settings take some clicking around to configure. * Features: Strong. Features an intuitive drag-and-drop course builder, built-in quiz creators, and solid grade logs. Attendance management requires an extra add-on plugin. * Look & Feel: Beautiful. It automatically matches your current WordPress theme, making your hybrid courses look high-end and entirely your own. * Integrations: Perfect for e-commerce tools like WooCommerce if you charge public students for enrollment, but weak on traditional institutional plugins. * Course Construction Time (6-Week/10-Test Baseline): 8 to 12 Hours. While setting up pages is easy, building out the 10 distinct tests via the WordPress interface and mapping individual textbook chapters to specific sequential blocks takes a few days of focused data entry. The Verdict: Ideal for private trade schools and training centers that want to look professional, maintain their own branding, and keep their students on their own domain name. 3. MoodleCloud (The "Turnkey Enterprise") Moodle is the world's most widely utilized open-source LMS framework. MoodleCloud is their official, cloud-hosted subscription product where they manage the servers for you. * Price: Scales strictly by student limits and storage data. The free trial is small, and small institution tiers quickly jump in cost. * Technical Skill: Low to moderate. No coding or server infrastructure knowledge is needed. * Ease of Use: Medium. Moodle's extensive settings layout creates a steep initial learning curve for instructors accustomed to Canvas's minimalistic layout. * Features: Industrial Grade. It rivals Canvas in gradebook configuration, algorithmic quiz options, and student progress tracking. Attendance tracking is integrated natively. * Look & Feel: Practical but dated out of the box. It feels distinctly clinical and text-heavy. * Integrations: Complete compatibility with core educational data models (SCORM, LTI tools), Zoom, and external portals. * Course Construction Time (6-Week/10-Test Baseline): 10 to 15 Hours. Moodle's assessment engine is incredibly deep, meaning configuring 10 separate tests with precise question behaviors, grading rules, and textbook chapter restrictions takes a substantial time investment. The Verdict: A drop-in structural replacement for Canvas if your curriculum demands heavy gradebook rules and automated attendance tracking, provided you have room in the budget for user seat fees. 4. Moodle Self-Hosted (The "Total Independence" Move) This involves downloading the open-source Moodle software core files and manually deploying them onto your independent web servers. * Price: The software itself is entirely free with no student or storage caps. Your only cost is your basic monthly server web hosting bill. * Technical Skill: Very High. You must know how to configure web servers, databases (MySQL), install updates, and handle security certificates. * Ease of Use: Hard during initialization, though standardizes to match MoodleCloud once the instructor logs into the dashboard. * Features: Absolute. You receive the complete suite of advanced tracking tools, automated reporting, and restriction logic without paying per-student fees. * Look & Feel: Highly flexible if you possess the skills to install custom graphical themes, but clunky by default. * Integrations: Limitless. You can connect any educational API, app, or corporate database directly into your environment. * Course Construction Time (6-Week/10-Test Baseline): 15 to 20+ Hours. Beyond entering the Hartman's reading schedules and programming the 10 tests, you must factor in an initial 3 to 5 hours just configuring the server, establishing email delivery settings, and initializing your user databases. The Verdict: The absolute cheapest and most robust long-term alternative for tech-literate schools that refuse to let a third-party corporation dictate their user access limits. The Hybrid Setup Timeline Cheat Sheet To keep your school on track for your upcoming enrollment cycles, refer to this unified implementation breakdown. Final Takeaway: Pivot Now or Wait for Fall? If your active student cohorts do not begin until late autumn or winter, staying put and waiting to see what Instructure debuts to replace Free for Teacher might make financial sense. However, if you have hybrid classrooms launching this month, you cannot let your program remain in limbo. Evaluate your team's administrative tech skills today. If you need something operational before tomorrow morning, transition your course into Google Classroom. If you require complete structural grade protection and automated attendance without recurring per-seat fees, delegate someone to begin spinning up a Self-Hosted Moodle site immediately.
UST eyes shift to new learning mgmt system. June 1, 2026 THE UNIVERSITY is considering a transition to a new learning management system (LMS) to replace Canvas, the Varsitarian has learned. The planned shift is said to be part of the University's digital transition and was hatched even before the cyberattack on Canvas earlier in May. The Varsitarian sought comments from Asst. Prof. Jerralyn Padua, the assistant to the rector for information and communications technology, but she declined. The development comes after the global cybersecurity incident involving Canvas' parent company, Instructure, that exposed user data such as names, email addresses, and course information and disrupted services at several institutions worldwide. Earlier, UST placed the Cloud Campus under "security maintenance" following the incident, temporarily limiting access to the platform as a precaution. In a May 11 memorandum, Padua said forensic investigations showed "no evidence" of unauthorized access, compromised credentials, or data exfiltration within the University's Canvas setup. The Office of Information and Communications Technology (OICT) said the security breach was isolated to accounts designed for independent educators, tutors, and trainers whose schools did not have a paid institutional Canvas. In a security incident update on May 11, Instructure apologized following the unauthorized access in its platform and a vulnerability discovered on its "Free for Teachers" platform. "The data fields involved include information like usernames, email addresses, course names, enrollment information and messages," Steve Daly, chief executive officer of Instructure, said. Instructure also confirmed it had "reached an agreement with the unauthorized actor involved in this incident." UST and other Dominican-run schools adopted Canvas as their LMS in Academic Year 2023-2024. UST however is not contemplating a return to Blackboard, the LMS used during the Covid-19 pandemic, the Varsitarian has also learned. The shift to Canvas in 2023 ended UST's two-decade partnership with Blackboard, which had served as its LMS since 2003. Under Blackboard, UST became one of the first in the Philippines to implement a large-scale e-learning program. Other top Philippine universities such as Ateneo de Manila University and De La Salle University have been using Canvas as their learning management system since 2020 and 2019, respectively. UST officials earlier described Canvas as a "robust and intuitive" platform, citing its communication tools, data analytics, and capacity to support hybrid and flexible learning setups. With reports from Czeantal Naomi P. Delos Santos
Cyber attack impacts local schools. By Sonia Isaacs THOUSANDS of Queensland students and staff, have had personal information exposed in a global cyber attack targeting the Canvas learning platform, prompting urgent warnings from the State Government and schools across the region. Education Minister John-Paul Langbroek confirmed he was briefed last Thursday (May 7) on the international breach involving Instructure, the company behind the QLearn system used in Queensland state schools since 2020. The incident is believed to have affected more than 9,000 educational institutions worldwide and could involve more than 200 million users. Early investigations indicate exposed data may include names, email addresses, school locations and student ID numbers, although authorities say there is no evidence that passwords, dates of birth or financial information were accessed. Schools across Queensland, including Maleny State High School, have begun notifying families and staff. Principal Deb Stewart said she had been advised by the department's Deputy Director-General for Digital Innovation, Darrin Bond, to reinforce online safety measures. She said guidance, had been provided to help schools respond consistently and support families to stay eSafe. Mr Bond urged vigilance while investigations continue, with schools instructed to monitor updates and report concerns through a dedicated departmental inbox. Principals have also been provided online safety resources for parents and staff. Glass House Mountains state school principal Ian Persini also reassured families that the Department of Education is working closely with Instructure and the Queensland Government Cyber Security Unit. He said there were repeated assurances that passwords and financial information were not at risk, but warned families to remain alert to phishing attempts and suspicious messages. Instructure chief information security officer Steve Proud confirmed the company was investigating the "cybersecurity incident perpetrated by a criminal threat actor" with external forensic experts. He said early findings suggested the compromised data involved identifying information and user messages, but no evidence of sensitive financial or password data. The National Office of Cyber Security is also monitoring the incident as authorities work to determine the full scale of the breach and those responsible.
Massive education breach disrupts schools nationwide - Canvas platform under attack: A parent & Student survival guide. ShinyHunters hacked Canvas just before finals, exposing data from 275 million students across nearly 9,000 schools. Here's exactly what was stolen, what it means for your family, and six steps to protect yourself right now. What's new since its earlier coverage: Its previous posts covered the initial Canvas data theft disclosed in late April and the early school disruptions. Since then, the situation escalated dramatically on May 7 when ShinyHunters defaced Canvas login pages with live ransom demands - visible to students mid-exam - forcing Instructure to take the entire platform offline. Instructure has since confirmed the attackers exploited a vulnerability in Free-for-Teacher accounts, has permanently shut down that account type, and says the platform is fully restored. The May 12 ransom deadline is still active as of this writing. If your kid logged into Canvas this week and saw something that looked absolutely nothing like a school assignment - you weren't imagining it, and you're not alone. Millions of students across the country opened their laptops ahead of finals only to find a ransom note staring back at them instead of their course portal. Here's a plain-English breakdown of what happened, what information is actually at risk, and the concrete steps every parent, student, and school administrator should be taking right now. What happened, and who's behind it. Canvas, the Learning Management System built by Salt Lake City-based Instructure and founded in 2008, is used by tens of millions of students worldwide and is available in over 100 countries. According to Baylor University's notification to students, Canvas "supports learning at 41% of higher education institutions in North America." That reach is exactly what made it such an attractive target. The group responsible is ShinyHunters, a prolific cybercriminal collective that specializes in data theft and extortion. They typically gain initial access through voice phishing and social engineering - often impersonating IT personnel - and then quietly steal data before going public with demands. Their track record includes breaches of ADT, Rockstar Games, McGraw Hill, Medtronic, 7-Eleven, and Carnival, as well as a 2024 campaign that swept credentials from cloud storage provider Snowflake and was used in follow-on attacks against Snowflake customers including TicketMaster. The Canvas attack appears to have started as far back as September 2025. Krebs on Security reports that Cloudskope CEO Dipan Mann has documented at least three separate ShinyHunters intrusions into Instructure's environment over the past eight months, including a breach that exposed University of Pennsylvania donor records and internal memos through Canvas-connected access paths - a breach that was largely framed at the time as a "Penn-specific" incident. The production-scale attack hit on May 1, 2026. When Instructure declared it "contained" on May 2, ShinyHunters apparently still had access. On May 7, they proved it publicly - defacing Canvas login portals at hundreds of institutions with a ransom message that read, per Ars Technica: "ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it, they ignored us and did some 'security patches.'" The deadline for Instructure and individual schools to pay: May 12. Instructure confirmed the attackers exploited a vulnerability tied to Free-for-Teacher accounts - and has since permanently shut that account type down. What data was actually stolen? This is the question every parent deserves a straight answer to. According to Instructure's official statements, the confirmed stolen data includes: * Names * Email addresses * Student ID numbers * Messages between users The company says it has found "no evidence that passwords, dates of birth, government identifiers, or financial information were involved." That's the good news. The less reassuring part: ShinyHunters claims the haul includes data from 275 million people across 8,800 to 9,000 schools, and Krebs on Security notes the group claims it includes several billion private messages between students and teachers. As Arctic Wolf CISO Adam Marrè told The Record: "The biggest risk after incidents like this is not instant identity theft but scams that surface weeks or months later and appear legitimate." That's the real threat to watch for - highly personalized phishing that references your child's actual school, teachers, or course names. The disruption to schools was real and widespread. The timing couldn't have been more deliberately cruel. The Record confirmed outages and warnings to students from schools including Baylor, the University of Texas, Penn, Iowa State, Duke, the University of Oklahoma, the University of Florida, Northwestern, Princeton, and Ohio State - plus numerous K-12 districts. Ars Technica reports the University of Illinois postponed all finals scheduled for Friday through Sunday, and the University of Massachusetts Dartmouth rescheduled or extended exam deadlines. 6 steps parents and students should take right now. ZDNet's breakdown lays out practical action items that Computer Works'd echo and expand on for families in its area: * Check your school's communication channels. Schools are the first line of notification here - check your institution's website, email, and app for guidance specific to your district. * Change your Canvas password immediately - and any other account where you use the same password. A password manager can generate strong, unique passwords and alert you to future leaks. Don't reuse passwords across school, email, and banking accounts. * Enable two-factor or multi-factor authentication (2FA/MFA) on your Canvas account and any linked accounts. This is the single most effective thing you can do to prevent unauthorized access even if credentials are exposed. * Monitor Have I Been Pwned. It's free at haveibeenpwned.com. The Canvas data may not be indexed there yet, but it's worth bookmarking and checking periodically with any email address associated with the account. * Watch your inbox carefully. Instructure should notify affected users directly - but so might scammers pretending to be Instructure or your school. Look for strange grammar, spoofed sender addresses, or requests to click unfamiliar links. When in doubt, verify through a separate channel. * Keep an eye on financial and credit activity as children get older. Even if no financial data was confirmed stolen now, names and student IDs can be combined with other breached data over time. As Malwarebytes recommends, monitoring credit activity is a smart long-term habit for any student whose data may have been exposed. What schools and administrators should do. Instructure itself has recommended that institutions enforce MFA on privileged accounts, review admin access, and rotate API tokens and keys. Beyond that, Malwarebytes advises schools to review their single sign-on (SSO) integrations - because a breach of a platform like Canvas can cascade through any service that trusts its authentication. Schools should also prepare clear, proactive communication templates so that if defacements or data leaks happen again, staff, parents, and students aren't left guessing. Instructure has confirmed it notified the FBI and CISA, and has brought in external cybersecurity experts. The FBI declined to comment, and CISA did not respond to The Record's inquiry. The bigger picture. This breach follows the 2025 PowerSchool incident, in which Ars Technica reported a breach exposed data from 60 million students at 16,000 K-12 schools worldwide. Education technology platforms represent exactly the kind of high-leverage target that groups like ShinyHunters seek out: breach one vendor, pressure thousands of institutions at once. Charles Carmakal, CTO at Google-owned Mandiant Consulting, confirmed to Krebs on Security that "there are multiple concurrent and discrete ShinyHunters intrusion and extortion campaigns happening right now." For Yuba City families and school staff navigating this, the core message is: the platform is back up, but the underlying data is still out there. The risk isn't necessarily today - it's the convincing phishing email that shows up in three months referencing your child's real teacher by name. If you're unsure whether your devices or accounts are properly protected, or if you want help setting up a password manager or enabling MFA, Computer Works is happy to walk you through it at Computer Works. Its membership plan also includes real-time protection and safe browsing tools that can help catch phishing attempts before they become a problem. Stay cautious, keep your software updated, and don't trust any Canvas-related email that asks you to click a link - no matter how official it looks. Related local service Worried this could be malware? If your computer has pop-ups, redirects, suspicious downloads, or ransomware warnings, start with its local virus removal page. cybersecurity small-business-it vulnerability web-security patch-management
Find jobs on Simplify and start your career today
Industries
Enterprise Software
Education
Company Size
1,001-5,000
Company Stage
IPO
Headquarters
Cottonwood Heights, Utah
Founded
2008
Find jobs on Simplify and start your career today