Cyberattack on Canvas disrupts schools and universities across the US

File: Getty images

According to CNN, the attack targeted Canvas, one of the world’s most widely used online learning platforms. Operated by Instructure, Canvas is used by more than 30 million people globally and supports over 8,000 educational institutions, including universities, colleges, and K-12 schools.

On Thursday, students across the country began reporting that they could no longer access course materials, assignments, grades, and communication tools through the platform. Instead of their usual school dashboards, many users were met with a ransom message allegedly posted by the hacking group ShinyHunters. The message claimed the group had breached Instructure’s systems and gained access to sensitive information belonging to millions of students, teachers, and school staff. The hackers threatened to leak the data publicly unless a payment was made.

Several major universities, including Columbia University, Princeton University, Harvard University, and Georgetown University, confirmed they were affected by the incident. Public school systems in multiple states also reported disruptions. For many students, the outage came at a critical moment. Universities are currently in the middle of final exam season, and many professors rely heavily on Canvas to distribute lecture notes, upload assignments, manage exams, and communicate with students. At University of Washington, one student told CNN he attempted to log into Canvas around midday Thursday but instead saw a message from ShinyHunters claiming responsibility for the attack. Similar reports quickly spread across campuses nationwide.

A student from University of Pennsylvania said he was suddenly logged out of his account while studying for exams. According to the student, professors were forced to urgently find alternative ways to send materials and updates to students. Schools and universities in states including California, Florida, Texas, Virginia, Wisconsin, Nevada, North Carolina, Tennessee, Utah, and Oregon reported issues connected to the attack. The FBI confirmed on Friday that it was aware of the disruption and had begun assisting institutions affected by the incident. The agency advised students and staff to wait for official updates from their schools regarding whether personal information may have been compromised. Federal authorities also warned users to be cautious of scammers who may try to exploit the situation by pretending to possess stolen data.

“Receiving a message does not necessarily mean your personal information has been compromised,” the FBI said in a statement, noting that cybercriminals often exaggerate claims in order to pressure victims into making payments.

The cyberattack appears to be connected to an earlier security breach disclosed by Instructure this month. On May 1, the company announced it had experienced a cybersecurity incident involving unauthorized access to certain user data, including usernames, email addresses, student ID numbers, and institutional communications. ShinyHunters later claimed responsibility for that breach as well. In messages published online, the group alleged it had stolen data from 275 million individuals and obtained access to “billions of private messages.” In Thursday’s ransom note, the hackers accused Instructure of ignoring previous warnings and attempting to solve the issue only through security updates instead of negotiating with them. As the disruption spread, Instructure temporarily placed Canvas into maintenance mode while investigating the incident. By late Thursday night, the company said service had been restored for most users.

On Friday morning, Instructure confirmed that an “unauthorized actor” had exploited a vulnerability related to the platform’s Free-For-Teacher accounts. As a precaution, the company temporarily shut down those accounts while restoring the rest of the system.

“Canvas is now fully back online and available for use,” the company said in a statement.

Despite the restoration, some schools had already postponed assignment deadlines and adjusted exam schedules because of the outage. Cybersecurity experts say the incident highlights the growing risks educational institutions face as schools increasingly rely on digital platforms for everyday learning and communication. Former FBI special agent Richard Kolko warned that even if systems are restored, students and staff may still face long-term risks if personal information was exposed.

“They have this information now, and years later it could still be used against students or teachers,” Kolko told CNN. The FBI has advised anyone affected not to respond to ransom demands, suspicious emails, phone calls, or text messages claiming to come from schools, technology providers, or law enforcement agencies. Very little is publicly known about ShinyHunters, but cybersecurity researchers have previously linked the group to several major international data breaches involving large companies and online services.