Students on the first day of the academic year at the University of Amsterdam’s Science Park campus, 4 September 2023- Credit: NL Times / NL Times - License: All Rights Reserved

Hackers steal data from 44 Dutch schools in massive breach of education platform Canvas

A large-scale cyberattack on the Canvas education platform has exposed data from dozens of Dutch educational institutions, RTL reports.

The Dutch impact affects 44 institutions across the country, according to a list of victims shared on the dark web by the hacking group ShinyHunters and reviewed by BNR. Named institutions include the University of Amsterdam, Vrije Universiteit Amsterdam, Windesheim University of Applied Sciences, and The Hague University of Applied Sciences. Also listed are Deltion College in Zwolle and the Grafisch Lyceum in Haarlem.

Hackers accessed a database belonging to Canvas developer Instructure. Stolen data includes names, email addresses, student numbers, and messages exchanged between users, according to the report.

The hackers have set a deadline of May 7, which falls on a Thursday, demanding payment from affected schools. According to the message shared by ShinyHunters, institutions may negotiate individually. “If schools in the list are interested in preventing the release of their data, contact us privately to reach an agreement,” the group said. Reporting indicates that Instructure, Canvas’s parent company, has not agreed to the hackers’ demands.

In parallel, ShinyHunters has claimed responsibility for a broader breach affecting more than 275 million individuals across roughly 9,000 educational institutions worldwide, spanning students, educators, and staff.

ShinyHunters, described by sources familiar with the group as a relatively small operation with only a handful of core members based in Canada and France, is known for targeting companies that provide services to multiple organizations, allowing them to access large numbers of systems through a single breach.

In the Netherlands, the group has previously been linked to attacks on telecom company Odido in 2026, Ticketmaster in 2024, and adult platform Pornhub in 2025, incidents in which data from about 1.5 million Dutch accounts was reportedly taken.