Canvas Cyberattack Disrupts Schools Across the Country

A major cybersecurity incident involving the popular learning platform Canvas by Instructure disrupted schools and universities across the United States and around the world this week, leaving students and faculty locked out of coursework, assignments, exams, and messaging systems during one of the busiest academic periods of the academic year.

The outage escalated Thursday after cybercriminal group “ShinyHunters” reportedly defaced portions of the Canvas login experience and threatened to leak massive amounts of educational data unless negotiations occurred before May 12.

According to multiple reports, parent company Instructure temporarily placed Canvas into maintenance mode in an attempt to contain the situation.

Millions Potentially Impacted

Canvas is one of the largest learning management systems in the world and is used by colleges, universities, K-12 schools, and online education programs globally. Institutions reportedly affected include Harvard, UCLA, Duke, Penn, UC campuses, CSU schools, and many others.

The alleged attackers claim data tied to roughly 9,000 schools and as many as 275 million individuals may have been exposed.

Instructure has confirmed a cybersecurity incident involving certain user data, including:

• Names
• Email addresses
• Student ID numbers
• Messages between users

However, the company says there is currently no evidence that passwords, Social Security numbers, government IDs, birthdates, or financial data were compromised.

Oregon Schools Also Affected

While many universities across the country are currently entering finals season, Oregon schools also experienced disruptions tied to the Canvas outage.

Umpqua Community College was among the Oregon institutions affected, though services appeared to be functioning normally again by Friday morning. Students and faculty across the region rely on Canvas for coursework, communication, assignments, and online learning access.

Reports from universities across the country described students being abruptly disconnected from exams, unable to submit assignments, or unable to communicate with professors. Some schools reportedly delayed tests or moved coursework to alternate systems while Canvas remained offline.

Many students first learned something was wrong when they attempted to log in and instead encountered outage notices or ransom-style messages allegedly connected to the attackers.

Who Is ShinyHunters?

ShinyHunters is a well-known cybercriminal group previously linked to several high-profile data breaches involving large corporations and technology companies. Security researchers and media outlets have previously associated the group with attacks targeting companies such as Ticketmaster and Rockstar Games.

Cybersecurity experts warn that even if passwords were not stolen, exposed educational records and communication data could still be valuable for phishing attacks, identity scams, or social engineering campaigns.

What Users Should Do

Students and faculty using Canvas are encouraged to:

• Watch for phishing emails pretending to be from schools or Canvas support
• Avoid clicking suspicious password reset links
• Enable multi-factor authentication where available
• Monitor school communications for official updates
• Change passwords if instructed by their institution

As of Friday, many Canvas services had reportedly been restored, though investigations remain ongoing.

For many students attending classes remotely or relying heavily on online coursework, the incident served as another reminder of how dependent modern education has become on digital infrastructure — and how quickly cybersecurity incidents can disrupt classrooms around the globe.

Sources

• The Wall Street Journal
• Reuters
• The Verge
• San Francisco Chronicle
• TechRadar
• AP News