Canvas Platform Crippled by Cyberattack—Ransom Demand Threatens 275 Million Student Records

By

Breaking: The Canvas learning management system was taken offline today after hackers defaced its login page with a ransom note, threatening to release data on 275 million students and faculty from nearly 9,000 institutions. The attack, claimed by the cybercrime group ShinyHunters, has disrupted final exams and coursework across the United States.

Instructure, Canvas's parent company, disabled the platform mid-day Thursday after users reported seeing the extortion message. The company replaced the login portal with a notice of scheduled maintenance, but sources confirm this is a direct response to the ongoing breach.

"This is an active and fast-moving situation," said Dr. Elena Torres, a cybersecurity analyst at the University of Texas. "The disruption to educational operations during finals week is severe, and the threat to leak such a massive dataset is unprecedented."

Background

Canvas is used by thousands of school districts, colleges, and businesses to manage assignments, grades, and communication. On May 6, Instructure confirmed that ShinyHunters had accessed user data, including names, email addresses, student ID numbers, and private messages. The company stated it found no evidence of stolen passwords, birth dates, or financial information.

ShinyHunters originally set a ransom deadline of May 6, later extended to May 12. Despite Instructure's claim that the incident was contained, today's defacement proves attackers retained access or used previously stolen credentials to alter the login page.

What This Means

For universities and school districts in the middle of final exams, the outage could delay grading, prevent submission of assignments, and disrupt communication. The ransom note advised individual institutions to negotiate their own payments to avoid data publication—regardless of whether Instructure pays.

"If ShinyHunters publishes even a fraction of the claimed 275 million records, the privacy implications for students and faculty are enormous," warned Marcus Reed, a data breach response specialist with SecureEd. "This attack underscores the fragility of centralized education technology."

Instructure has not announced a timeline for restoring service. Updates were promised on their status page, but as of now, the platform remains offline. Students and educators are urged to check institutional channels for alternative instructions.

Related Articles

• The Evolving AI Threat Landscape: January–February 2026 Report
• Strengthening Digital Fortresses: Meta's Advances in End-to-End Encrypted Backup Security
• How to Proactively Defend with Agentic AI Red Teaming: A Step-by-Step Guide
• VECT 2.0: The Ransomware That Acts as a Data Wiper – Files Over 131KB Lost Forever
• One-Click Convenience Triumphs: Overwhelming Majority of Users Still Use 'Sign in with Google' Despite Security Warnings
• LeafKVM: An Open Source KVM Switch Built on Rust and Buildroot
• Critical Vulnerability in Third-Party Tar Crate Affects Rust's Cargo Package Manager
• Python Unplugged PyTV Conference: Key Insights and Takeaways