Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools

Summary

Canvas, a widely-used learning management system, was taken offline Thursday after ShinyHunters exploited a vulnerability in Free-For-Teacher accounts, affecting approximately 9,000 schools globally. The hacking group claimed access to billions of private messages and student records, demanding ransom and threatening data leaks. The system was restored Friday, though concerns remain about compromised personal data and the timing of the attack during final exams.

Full text

Tens of thousands of students studying for final exams around the world Friday regained access to a key online learning system after a cyberattack had earlier knocked it offline, throwing schools and universities into turmoil. Elizabeth Polo was in a creative writing class at the University of Maryland late Thursday afternoon when a classmate shouted, “Canvas got hacked.” A message from a hacking collective flashed on her computer screen. “Our whole class just like was like freaking out about it,” said Polo, a junior. “Our poor professor was trying to get everyone to calm down but it was just kind of chaos.” Across academia, the outage set off panic and confusion as students and faculty members found themselves locked out of a platform they rely on to manage grades and access course notes and assignments. Colleges scrambled to reschedule final exams as students lost any way to access materials they needed to study. Instructure, the company behind Canvas, said in an update late Thursday that the system was available for most users. “Instructure discovered the unauthorized actor involved in our ongoing security incident made changes to the pages that appeared when some students and teachers were logged in,” Instructure said Friday in a statement. “Out of an abundance of caution, we immediately took Canvas offline to contain access and further investigate.”Advertisement. Scroll to continue reading. Instructure also said it confirmed that the unauthorized actor exploited an issue related to its Free-For-Teacher accounts. The company has temporarily shut down those accounts. Instructure did not say whether it paid a ransom nor has it said what happened with the compromised data. Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District. Hackers breached data days before the outage A hacking group called ShinyHunters claimed responsibility for the breach at Canvas, said Luke Connolly, a threat analyst at the cybersecurity firm Emsisoft. The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, Connolly said. The message that flashed on Polo’s computer screen urged individual schools to reach out directly to the hacking group to negotiate a settlement and threatened to leak data if they didn’t. She said that Canvas later took that message down, replacing it with a message saying the site was undergoing scheduled maintenance. Just before 1 a.m. Friday, Polo was able to submit an assignment on Canvas, but she now worries personal data has been compromised. Canvas went down just as deadlines were hitting The outage happened just as a deadline arrived for semester-long projects in one of Gwyneth Doland’s journalism classes at the University of New Mexico. “They were a little hyperventilating,” recalled Doland, who extended the deadlines. “None of these platforms are fail-proof. I’m glad that they got that lesson.” That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs. “Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.” Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage. Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day. “The concern is for those of us who were doing the grading if there’s anything left,” Uzat said. Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online. If those assignments and grades could not be recovered, Jang would have given his students full credit. “I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.” A reliance on tech makes schools vulnerable The breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running. “What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology. Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system. “There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.” Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident. ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat. “You fixed it, but you already have the water in the boat,” he said. Written By Associated Press More from Associated Press Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational PlatformCyberattack Hits Canvas System Used by Thousands of Schools as Finals LoomWorries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s LeadersUS Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified SystemsGermany Suspects Russia Is Behind Signal Phishing That Targeted Top OfficialsUS Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian SenatorTrump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in USMost Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says Latest News Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution SolutionMicrosoft Rolls Out Mitigations for ‘YellowKey’ BitLocker BypassAI-Powered App Attacks Are Faster, More Frequent and Harder to Stop1Password Teams With OpenAI to Stop AI Coding Agents From Leaking CredentialsAnthropic Silently Patches Claude Code Sandbox BypassOver 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain AttackCaught Off Guard: Securing AI After It Hits ProductionReal-World ICS Security Tales From the Trenches Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register Webinar: Third-Party Risk in Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are pe

Entities