Education technology company Instructure has confirmed a data breach that exposed students’ private information, with the hacking and extortion group ShinyHunters claiming responsibility.

The group says it accessed students’ names, personal email addresses, and messages exchanged between teachers and students — categories of data the company acknowledged were compromised.

Instructure has become the latest major company to fall victim to the ShinyHunters hacking group.

In recent months, the cybercriminals have targeted universities and cloud database providers, seeking to steal large volumes of personal information and threatening to publish the data online unless a ransom is paid.

A member of ShinyHunters shared a sample of the allegedly stolen data with TechCrunch, which included information from two U.S. schools — one in Massachusetts and another in Tennessee.

In the case of the Massachusetts school, the data sample included messages containing names, email addresses and some phone numbers.

For the Tennessee school, the sample showed students’ full names and email addresses.

The sample did not include passwords or other categories of data that Instructure said were not affected by the breach.

ShinyHunters also provided a list of roughly 8,800 schools it claims were impacted by the breach. TechCrunch said it could not independently verify whether all the listed institutions were affected or whether they are customers of Instructure.

On its official website, Instructure states that it serves more than 8,000 institutions worldwide.