Major Cyberattack Disrupts Classes For Thousands Of Colleges, Schools: What To Know

The Canvas learning management platform, used by roughly 9,000 K-12 schools and universities, suffered a major cyberattack that disrupted classes and exposed user data. The hacking group ShinyHunters claimed responsibility, exploiting an issue linked to Free-For-Teacher accounts to access information including names, email addresses, student IDs, and messages. Instructure, the Salt Lake City-based company behind Canvas, detected suspicious activity on April 29 and temporarily shut down the platform on May 7 to investigate, restoring access by May 8. The breach affected prominent institutions like Columbia, Georgetown, Harvard, MIT, Rutgers, UPenn, Penn State, and Princeton, many of which were in the midst of final exams. ShinyHunters claimed to have accessed data from over 275 million users and threatened to leak it on May 12 unless contacted by Instructure. While Instructure confirmed no evidence of stolen passwords, birth dates, government IDs, or financial data, the company notified the FBI and affected organizations on May 5. Instructure suspended Free-For-Teacher accounts as a precaution, stating it would resolve the issue while keeping Canvas operational. The company urged users to report suspicious activity to their school’s IT teams and avoid clicking on unexpected links. An ongoing investigation is assessing whether additional data was taken during the May 7 incident. Students, parents, and employees are advised to contact their institutions for personalized updates. Instructure emphasized that Canvas Beta and Canvas Test remained in maintenance mode during the recovery period.