Canvas Back Online but Still Restricted at Many Schools

Instructure’s Canvas learning platform, used by 9,000 schools in the U.S., Australia, and Europe, was breached last week when the hacker group ShinyHunters claimed to steal hundreds of millions of records tied to students and employees. The group, previously linked to Ticketmaster and AT&T breaches, demanded ransom negotiations from affected schools by May 12, 2026, threatening to leak data if no settlement was reached. By early Friday, Instructure said Canvas was back online for most users but remained blocked at many California campuses, including UCLA and UC Berkeley, where students encountered threatening messages during login attempts. UC officials stated Canvas access would not be restored until the system was deemed secure, while schools like Stanford and USC advised users to avoid logging in. The breach exposed names, email addresses, student IDs, and internal messages but not passwords, birthdates, financial data, or government identifiers, according to Instructure’s Wednesday update. The company attributed the incident to an exploit of its Free-For-Teacher accounts and temporarily suspended them to contain the threat. Public school districts in California, Utah, and North Carolina reported outages, with San Diego Unified evaluating the impact of shutting off Canvas. Los Angeles Unified confirmed it did not use affected Instructure products. Nationally, Harvard, Duke, and the University of Pennsylvania also experienced disruptions, though no California colleges confirmed compromised private data. UCLA’s Bruin Learn platform functioned normally Thursday morning before students were locked out midday. Instructure spokesperson Brian Watkins stated unauthorized actors altered login pages, prompting a full shutdown for investigation. The company emphasized restoring access only after ensuring system security.