Iowa universities, DMPS among thousands impacted by Canvas cyberattack

Iowa State University, the University of Iowa, and Des Moines Public Schools (DMPS) have confirmed they are among thousands of educational institutions affected by a cyberattack on Canvas, a widely used online learning platform owned by Instructure. The breach was first reported by TechCrunch on May 5, 2026, with hackers claiming to have stolen private student data. ShinyHunters, a group previously linked to the 2024 Ticketmaster breach, sent extortion messages to Canvas users, warning that stolen data—including billions of private messages between students and teachers—could be released if Instructure does not respond by the end of May 12. Canvas, which powers assignment and grade tracking for schools nationwide, remains down as of May 12, with Instructure stating the platform is in maintenance mode. The company has not provided a timeline for restoration, though it claims to have contained the breach shortly after discovery. Users attempting to access Canvas are met with a message indicating scheduled maintenance, while Instructure’s status page confirms ongoing investigations. The University of Iowa’s Executive Vice President and Provost, Kevin Kregel, acknowledged the disruption in a statement, noting that the university’s ITS team is monitoring the issue closely. Kregel emphasized the importance of flexibility for students as the semester concludes, advising faculty to adjust timelines and explore alternative assignment methods. Iowa State University issued a similar statement, urging instructors to adapt to the outage until Canvas is restored. Des Moines Public Schools confirmed the breach after being notified by Instructure, with access currently disabled and replaced by a maintenance notice. The district is awaiting further details from the company. ShinyHunters’ message, shared widely among affected students, demands private negotiations via TOX, a decentralized messaging platform, and threatens data leaks if demands are ignored. Instructure has not publicly confirmed the hackers’ claims but has acknowledged investigating login issues, particularly with Student ePortfolios. The company’s response remains limited to assurances that the breach is contained, leaving affected institutions to manage the fallout independently. The attack underscores growing concerns over cybersecurity vulnerabilities in critical infrastructure, particularly in education sectors.