Cyberattack shutters Canvas learning platform for schools across the U.S.

Instructure’s Canvas learning management system, used by thousands of U.S. schools and universities, was shut down Thursday after a cyberattack by the hacking group ShinyHunters. The outage affected institutions like Penn State, UCLA, Columbia University, Northwestern University, and Harvard, leaving students unable to access grades, assignments, and course materials. The attack forced Penn State to cancel all tests scheduled for Thursday and Friday in its Pollock Testing Center, with no resolution expected within 24 hours. Schools like UCLA and the University of Wisconsin-Madison also reported disruptions, while public school districts, including those in Spokane, Washington, assured parents that no sensitive data had been compromised. ShinyHunters claimed responsibility, stating they accessed billions of private messages and records from nearly 9,000 schools worldwide. The group posted deadlines for potential data leaks—Thursday and May 12—suggesting ongoing negotiations over extortion payments, according to threat analyst Luke Connolly of Emisoft. The incident mirrors a previous breach on PowerSchool, another learning management tool provider, where a Massachusetts college student was later charged. Connolly described ShinyHunters as a loosely organized group of teenagers and young adults based in the U.S. and U.K., linked to past attacks on Ticketmaster’s Live Nation subsidiary. This disruption underscores the growing vulnerability of educational institutions to cyber threats, as hackers increasingly target digitized student data. Instructure has not yet issued a public statement regarding the attack.