Education technology company Instructure has suffered a data breach that exposed private student information, according to cybersecurity researchers who reviewed samples of the allegedly stolen data.

The breach affects Instructure, which operates Canvas and other widely-used educational platforms serving millions of students and educators worldwide. The company has not yet disclosed the full scope of the incident or the number of users potentially affected.

Security experts who examined portions of the compromised data confirmed that student records were among the information accessed by the attackers. The specific types of student data involved in the breach have not been fully detailed by the company.

Instructure has not publicly announced when the breach occurred or provided details about how the attackers gained access to their systems. The company also has not indicated whether law enforcement agencies have been notified about the incident.

The breach represents another significant cybersecurity incident in the education technology sector, which has increasingly become a target for cybercriminals seeking access to personal information of students and educators. Educational institutions and their technology vendors maintain vast databases of sensitive personal information that can be valuable to malicious actors.