Thousands of Schools Hit With Cyberattack on Canvas Platform

A sweeping cyberattack disrupted Instructure’s Canvas learning management system on Thursday, knocking thousands of U.S. and Canadian schools and universities offline at a critical moment for finals and end-of-semester work. The hacking collective ShinyHunters claimed responsibility as services staggered back online late in the day, while institutions scrambled to adjust exams and reassure students and staff.

What happened

The outage interrupted access to assignments, grades, course materials, and messaging tools that students and instructors rely on to manage coursework. For many campuses, the timing was especially painful: final exams were underway and grade deadlines loomed.

At the University of Maryland, the disruption quickly spilled into the classroom. Elizabeth Polo, a junior in a late-afternoon creative writing course, recalled the moment her class realized something was wrong.

“Canvas got hacked,” a classmate shouted, as a message from a hacking collective flashed across Polo’s screen.

“Our whole class just was freaking out about it,” Polo said. “Our poor professor was trying to get everyone to calm down, but it was just kind of chaos.”

According to Polo, the on-screen note urged individual schools to contact the group directly to negotiate a settlement and threatened to leak data if they didn’t. She said Canvas later replaced that message with a notice about “scheduled maintenance.” Just before 1 a.m. Friday, Polo was able to submit an assignment—but she now worries her personal information may have been exposed.

Instructure said late Thursday that service had been restored for most users, though information technology teams across campuses continued monitoring and troubleshooting into the night and next day.

Who is claiming responsibility

Cybersecurity analysts said ShinyHunters, a data-theft group linked to previous high-profile leaks, took credit for the incident. Luke Connolly, a threat analyst at Emsisoft, noted that screenshots posted by the group claimed nearly 9,000 schools worldwide were affected. The group also threatened to release data allegedly obtained in the attack—claims that could not be independently verified at press time.

What data may be at risk

In an update shared Saturday, Instructure’s chief information security officer, Steve Proud, said the apparent data exposure involved student ID numbers, email addresses, names, and messages exchanged on the Canvas platform. The full scope of the incident remains under investigation.

Campus impact and disruption

As Canvas went dark, universities issued emergency alerts and contingency plans. The University of Texas at San Antonio announced delays to some Friday finals, citing the disruption. Princeton University reported the platform appeared operational again later Thursday, while emphasizing that its IT staff would continue to monitor stability and investigate lingering issues.

Other institutions shared similar updates, warning of potential delays to coursework and grading, and urging students and faculty to check official channels for the latest status. Some districts told their communities that no additional action was required and that there was no indication so far that highly sensitive personal information had been affected.

Company response

Instructure said it restored service for most users late Thursday and replaced the on-screen message attributed to the hackers. The company has continued to post updates as access returned in stages and said it is working to identify the scope of the incident and assist affected institutions. Further details on root cause and remediation steps were not immediately disclosed.

Why the timing matters

Learning management systems like Canvas are the backbone of modern academics, centralizing everything from quizzes to grade submissions. An outage during finals doesn’t just interrupt testing—it can affect accommodations, submission deadlines, grading workflows, and even graduation timelines. The added specter of potential data exposure compounds the pressure on campus IT teams and administrators already navigating end-of-term demands.

What students and faculty can do now

• Watch for official updates from your institution and Canvas status pages regarding access and deadlines.
• Be alert to phishing attempts that reference the incident; verify unexpected messages and links before clicking.
• If advised by your institution, change your Canvas and institutional passwords and enable multifactor authentication where available.
• Review recent messages and submissions in Canvas for anomalies and report suspicious activity to your campus IT help desk.

As access stabilizes, universities have acknowledged the strain on students and staff, thanking faculty and IT teams who worked through the night to maintain continuity. With the investigation ongoing, institutions are urging patience—and vigilance—while they assess the operational and privacy fallout from the attack.