Live disclosure tracker · updated continuously

Education Sector Data Breaches

Universities, K-12 districts, and ed-tech vendors hold massive student-record databases that attract identity-theft operations and ransomware groups. Below is every education-sector breach LeakTrace has indexed.

98B+
Records Exposed
448
Incidents
94+
Countries
+104%
Breach Velocity YoY
Browse by sector
All breaches Healthcare Finance Government Technology Retail Education Legal
Browse by year
2024 2025 2026 ★ Worst of 2026

Education Sector Data Breaches (448 indexed)

medium · education · Jun 29, 2026

ZA: Copying the wrong person

Jan Vermeulen reports: Misdirected internal emails that expose personal information can trigger mandatory data breach reporting under South Africa’s data privacy law, POPIA, even when the disclosure was accidental. Arman

medium · education · Jun 18, 2026

Data analysis of the Global

In Part 1,  DataBreaches published some totals and aggregate data from the recent Global Schools Group data breach. All analyses and statistics were provided to this site by FulcrumSec, who had attacked Global Schools Gr

View incident → Original disclosure Indexed 2 weeks, 1 day ago
medium · education · Jun 8, 2026

Oxford University

The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. [...]

View incident → Original disclosure Indexed 3 weeks, 4 days ago
critical · education · May 16, 2026

Illuminate wins another round in

The Supreme Court of California has ruled in J.M. v. Illuminate Education, Inc., a case closely watched by those concerned about holding edtech vendors liable in the event of a data breach. As background on the case: In

View incident → Original disclosure Indexed 1 month, 2 weeks ago
medium · education · May 12, 2026

Homeland Security wants to know

Breaches involving school-related vendors such as PowerSchool and Instructure are causing major headaches for schools, students, and parents. They are also getting more attention from Congress. While some breaches have n

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · education · May 11, 2026

Instructure

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. [...]

View incident → Original disclosure Indexed 1 month, 3 weeks ago
critical · education · May 8, 2026

Canvas Breach Disrupts Schools &

An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime gro

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · education · May 8, 2026

Instructure

The ed tech company that operates Canvas said information impacted by the data breach includes messages, names, email addresses and student ID numbers.

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · education · May 7, 2026

Canvas login portals

The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities. [...]

View incident → Original disclosure Indexed 1 month, 3 weeks ago
medium · education · May 5, 2026

Student

A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country's high-speed railway network (THSR). [...]

View incident → Original disclosure Indexed 1 month, 4 weeks ago