Student LMS ‘Canvas’ Goes Dark Worldwide: Hackers Demand Ransom or Leak Student Data By May 12
Hacker group ShinyHunters claims responsibility for the breach affecting millions of users worldwide
Canvas, one of the world's most widely used student learning platforms, was hit by a major cyberattack that disrupted services globally and exposed sensitive student and staff data.
The attack, according to reports, targeted Instructure, the company behind Canvas, which is used by thousands of schools, colleges and universities for coursework, exams, messaging and grading systems.
The hacker group ShinyHunters has claimed responsibility for the breach and is threatening to leak the stolen data unless negotiations begin before 12 May 2026.
The incident caused widespread outages across educational institutions in the United States, Australia and other regions, with many students unable to access assignments, lecture notes or examination materials during finals season.
Hackers Threaten To Leak Data By 12 May
The reports said that users attempting to log in to Canvas were redirected to ransom-style messages allegedly posted by the attackers. The messages warned schools and Instructure to contact the group before 12 May or face the public release of the stolen information.
Inside Higher Ed reported that the hackers threatened to publish 'several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other [personal identifying information]'.
The group claims the breach affects data linked to nearly 9,000 educational institutions and as many as 275 million users worldwide, although the full scale has not been independently verified.
Cybersecurity researchers noted that ShinyHunters has previously been linked to high-profile breaches involving major corporations, including attacks targeting cloud and telecommunications firms.
What Data Was Exposed?
Instructure has confirmed that the compromised information includes names, email addresses, student ID numbers and messages exchanged within Canvas systems. The company said there was currently no evidence that passwords, financial information or government-issued identification numbers had been exposed.
TechCrunch reported that samples of the allegedly stolen data included private communications between students and staff, as well as institutional records from schools in the United States.
Educational institutions across several countries have since begun internal investigations to determine whether their students or staff were directly affected.
Universities and Schools Scramble to Respond
The outage caused widespread disruption during one of the year's busiest academic periods. Universities including Harvard, Duke, UCLA and the University of Pennsylvania were among institutions reportedly impacted by access issues or security concerns.
Some universities postponed exams or extended deadlines after students lost access to coursework and online submission portals.
Associated Press reported that panic spread across social media as students feared losing assignments, grades and revision materials during final examinations.
In Australia, schools and universities also began reviewing potential exposure linked to the breach, while government agencies coordinated responses with affected institutions.
Instructure Places Systems Into Maintenance Mode
Following the attack, Instructure temporarily placed Canvas and related services into maintenance mode while security teams investigated the breach and deployed fixes.
The company said it had revoked credentials, patched vulnerabilities and increased monitoring efforts after detecting suspicious activity.
However, intermittent outages reportedly persisted even after some services were restored, leading to frustration among students and educators who rely on the platform for day-to-day academic operations.
Growing Concern Over Education Cybersecurity
The incident has renewed scrutiny over cybersecurity protections within the education sector, which increasingly stores vast amounts of personal and academic data online.
Security analysts warned that schools and universities are becoming attractive targets for cybercriminal groups because of the scale of sensitive information they hold and the operational pressure institutions face during academic terms.
With the 12 May deadline approaching, uncertainty remains over whether any ransom negotiations are taking place behind the scenes or whether the threatened data leak will materialise.
For millions of students and educators worldwide, the breach has exposed the growing vulnerability of digital learning infrastructure at a time when online platforms have become central to modern education.
Originally published on IBTimes UK