A cyberattack on the Canvas learning management system threw the spring 2026 finals season into disarray at colleges, universities, and school districts nationwide this week. The platform, which serves as a digital hub for exams, grades, lecture videos, and student-instructor messaging, went down after the hacking group ShinyHunters claimed responsibility for the breach, according to the cybersecurity firm Emsisoft.
Instructure, the parent company of Canvas, said late Thursday that the platform was available again to most users. By Friday, the group’s name no longer appeared on a site where ShinyHunters lists its victims — though some schools continued to block access out of what they called an abundance of caution.
A platform at the center of campus life
Canvas operates as a gradebook, a portal for digital lectures and course materials, a discussion board, and a messaging platform. Many courses also use it to administer quizzes and final exams, or as the deadline submission point for papers and projects. The outage hit squarely in the middle of finals period, a high-stress window when students and instructors rely on the system most heavily.
Who is ShinyHunters?
“ShinyHunters is a loose association of teenage and young adult hackers in the United States and the United Kingdom,” said Luke Connolly, a threat analyst at Emsisoft. The group has been linked to other large-scale cyberattacks, including one on Ticketmaster, he said. On a webpage listing its targets, the group described itself as “rooting your systems since ’19,” using a term for gaining access to a computer system’s deepest layer.
Earlier in the week, ShinyHunters said that data from nearly 9,000 schools and 275 million individuals could be leaked if institutions did not pay a ransom by May 6. After some schools engaged in negotiations, the group extended the deadline. A statement posted to the group’s ransomware site said it would not comment on the incident.
Exams postponed, access limited
The University of Massachusetts Dartmouth said it would postpone exams scheduled for Friday and Saturday to give students time to review materials that had been inaccessible during the shutdown. The University of Illinois postponed all exams scheduled for Friday through Sunday for all classes, regardless of whether the courses used Canvas. Montgomery County Public Schools in Maryland continued to limit access to Canvas on Friday, saying it needed “to better understand the full impact of the incident and any potential vulnerabilities involving information connected to the platform.”
What data was exposed
Instructure’s chief information security officer, Steve Proud, said in an update shared May 2 that the breach appeared to involve student ID numbers, email addresses, names, and messages on the Canvas platform. He said the company had not found evidence that passwords, dates of birth, government identification, or financial information were compromised.
Staying safe after the breach
Even with service restored, cybersecurity experts urged caution. “Be very suspicious of any inbound messages,” said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, particularly if an email demands urgent action, such as resetting a password. Phishing campaigns often follow major breaches, with attackers impersonating school districts or other trusted entities.
Steinhauer and other experts said the breach is a reminder for consumers to revisit basic “cyber hygiene.” That includes creating hard-to-guess passwords, enabling multifactor authentication where available, and monitoring accounts for suspicious activity. The Federal Trade Commission also notes that the three nationwide credit bureaus — Equifax, Experian, and TransUnion — offer free credit freezes and fraud alerts to help protect against identity theft.