New York — An apparent cyberattack shut down Canvas, a widely used education platform, on Thursday, leaving students and teachers across the United States locked out of coursework, assignments, and classroom messages. The timing couldn’t have been worse: many schools are in the middle of final exams or gearing up for them.
Canvas, a cloud-based hub for K-12 schools and universities, says it has more than 30 million active users worldwide. Its parent company, Instructure, lists over 8,000 institutions as customers.
Large public school districts and prestigious universities like Columbia, Princeton, Harvard, and Georgetown all reported that a ransom note had appeared on their Canvas login pages. The note was signed by a hacking group that claimed responsibility for the breach.
By late Thursday night, Instructure announced that Canvas was available again “for most users.” But by then, many schools had already pushed back deadlines and reshuffled final exam schedules because of the disruption.
Here’s what we know so far.
How the Canvas hack unfolded
Around noon Thursday, a student at the University of Washington tried to log into Canvas and was met with a message from a group calling itself ShinyHunters. The note claimed the group had “breached” Instructure, according to a screenshot obtained by CNN. Similar messages appeared on other campuses, demanding ransoms to prevent stolen data from being leaked.
At the University of Pennsylvania, one student said he was kicked out of his Canvas account while studying for finals. Professors had to scramble, sending materials through email and other workarounds.
Universities across the country — including Rutgers, Kent State, MIT, and Georgetown — issued alerts to students about the nationwide disruption. School districts in California, Florida, Georgia, Oklahoma, Oregon, Nevada, North Carolina, Tennessee, Utah, Virginia, and Wisconsin also reported being affected.
This is the second school-related data breach ShinyHunters has claimed this month. In Thursday’s ransom note, the group said it had hacked Instructure “again” and criticized the company’s response to the earlier attack: “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”
Just days earlier, on May 1, Instructure acknowledged that it had “experienced a cybersecurity incident perpetrated by a criminal threat actor.” The company said the breach was “contained” the next day, but admitted that usernames, email addresses, student ID numbers, and some user communications had been exposed.
On May 3, ShinyHunters posted another ransom note claiming it had stolen data on 275 million individuals and accessed “several billions of private messages.” That note gave Instructure a May 6 deadline to respond. In Thursday’s message, the group gave affected schools until May 12 to “negotiate a settlement.”
During the outage, Instructure put Canvas into “maintenance mode.” By late Thursday, the company said service had been restored for most users.
Who is ShinyHunters?
Not much is publicly known about the group behind the Canvas attack. But cybersecurity researchers and federal authorities have linked the ShinyHunters name to several high-profile data thefts.
In 2024, the group claimed responsibility for hacking Ticketmaster and attempting to sell user data on the dark web. Earlier this year, Mandiant — a Google-owned cyber-intelligence firm — reported an uptick in activity consistent with past “ShinyHunters-branded extortion operations.” According to Mandiant, the attackers use sophisticated voice phishing and fake company login pages to steal employee credentials before extracting sensitive data from cloud platforms.
In 2024, the U.S. Department of Justice announced the sentencing of a ShinyHunters member. Prosecutors described the person as part of a notorious international hacking crew. Court documents showed that a user operating under the ShinyHunters name had posted stolen data from more than 60 companies for sale on dark web forums and sometimes threatened to leak sensitive files if victims didn’t pay.
How students and schools reacted
Melanie Topchyan, a senior at the University of California, Riverside, told CNN she missed a quiz Thursday because of the outage and was worried about falling behind. She has a midterm next week for a demanding course and relies on Canvas to review lectures and notes.
“It is a little bit of a freakout,” she said.
At the University of Pennsylvania, junior Anish Garimidi was logged out of Canvas while trying to study. He said he felt a surge of anxiety.
“The biggest cause of fear and anxiety in me is that I was deprived of significant resources to study and do my best,” he told CNN.
For many students, the disruption hit at the worst possible moment. Georgetown sophomore Minhal Nazeer had returned home to Kentucky because all her remaining coursework was online through Canvas. While some of her classmates were “freaking out,” she saw a small upside: professors extended deadlines.
“I was already in a good spot to finish all my papers, so I’m not too bothered by it,” she said. “But I do see it is helping me a little, because I have gotten some extension. I just have more time to look over my things.”
A Columbia University senior, who asked not to be named, said the outage came at the “most inopportune time” — right as students were shifting from end-of-year events to serious exam prep. That’s especially hard, he said, for those who had only just started compiling notes after “pushed off the thought of having to take exams in the following week.”
James Madison University moved its Friday exams to the following Wednesday, the school announced.
The episode has highlighted just how deeply embedded Canvas has become in academic life — not just as a place to submit assignments, but as a central communication tool.
At MIT, junior Allison Park said professors were scrambling to find students’ email addresses after losing access to Canvas’s announcement feature.
“The fact that this one website was the link between teaching staff and students outside of class — I didn’t realize how big of a dependency we had on it until they were scrambling to find our emails,” she said.
Fellow MIT student Liane Xu noted that many of her courses rely on Canvas to collect assignments and manage grading. While some professors keep materials on separate websites, she said critical resources — lecture videos, notes, study documents — are often stored inside the platform.
As the semester winds down, she said, access to those materials is essential.
“It’s unfortunate, and we’re sort of the victims of this,” the Columbia senior said.