Cyberattack knocks Canvas offline at thousands of schools as finals loom

Article

The Canvas platform, which hosts grades, course notes, assignments, and lecture videos for thousands of school districts and universities, went dark Thursday, leaving faculty and students scrambling for offline alternatives. Luke Connolly, a threat analyst at the cybersecurity firm Emisoft, said the hacking group ShinyHunters claimed responsibility for the breach at Instructure, the Utah-based company that operates the learning management system. Instructure did not immediately respond to requests for comment regarding the nature of the outage.

Connolly said ShinyHunters posted online claiming that nearly 9,000 schools worldwide were affected. The group stated it had accessed billions of private messages and other academic records stored on the platform. Screenshots provided by Connolly showed the group began threatening to leak the data on Sunday, setting deadlines for Thursday and May 12. Connolly said the extended deadline suggests that negotiations regarding possible extortion payments are still underway.

Students flooded social media to report access failures, sparking anxiety as final exams approach across the country. Damon Linker, a senior lecturer in the political science department at the University of Pennsylvania, posted on the social platform X that his students relied entirely on Canvas for semester readings and lecture slides ahead of their Monday final exams. The outage leaves students and faculty “dead in the water here in academia right now,” he said.

Universities and public school districts moved quickly to notify families and deploy contingency plans. The director of information technology at the University of Iowa’s College of Public Health told the campus community that the disruption is “being reported as a national-level cyber-security incident” and that officials hope for a “resolution soon.” Virginia Tech and the University of New Mexico acknowledged the impact on end-of-semester activities in campus notices. The University of Florida urged students to remain alert for phishing messages appearing to come from Canvas amid the disruption.

The impact rippled across major institutions and public school districts alike. At Harvard, students reported the system was down campus-wide, according to the student newspaper. Johns Hopkins University students encountered error messages when attempting to view final grades on Thursday. Meanwhile, the University of Texas at San Antonio announced it would delay finals originally scheduled for Friday due to the outage. The Spokane, Washington, public school district reassured parents that officials were not “aware of any sensitive data contained in this breach.”

Rich in digitized records, educational institutions have become prime targets for criminal hackers exploiting the sector’s rapid transition from paper-based files to centralized cloud systems. Connolly noted that the Canvas incident closely resembles a recent breach at PowerSchool, a competing learning management provider, in which a Massachusetts college student was previously charged. Connolly described ShinyHunters as a loose affiliation of teenagers and young adults operating in the U.S. and U.K., previously linked to cyber incidents targeting Ticketmaster, a subsidiary of Live Nation.

Faculty members are manually rerouting students to email or offline backups to review materials and submit final projects while the platform remains inaccessible. The sudden disruption highlights the systemic vulnerability of centralized educational technology networks during high-stakes testing periods.

Instructure has not posted any official updates regarding the attack on its corporate social media accounts. Emisoft and other cybersecurity firms continue to monitor ShinyHunters’ communication channels for further threats or data dumps as the May 12 deadline approaches.