NEW YORK — The hacking group ShinyHunters breached Instructure's Canvas learning platform on Thursday, disrupting access to grades, study materials and quizzes for students at universities and school districts across the United States. The group demanded ransoms to prevent further data leaks in a note posted on affected Canvas sites.
Canvas, a cloud-based digital hub for classrooms, has more than 30 million active users globally and more than 8,000 institutions as customers, parent company Instructure says on its website. Half of all college and university students in North America use Canvas or Canvas Career, according to the company.
Universities and school systems impacted on Thursday included Murray State University and the University of Tennessee at Martin. Columbia University, Rutgers, Princeton, Kent State, Harvard and Georgetown issued statements alerting students to the hack. School districts in California, Florida, Georgia, Oklahoma, Oregon, Nevada, North Carolina, Tennessee, Utah and Virginia were also affected. Many Canvas users were in the middle of a busy spring finals week.
"ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some 'security patches,'" the group wrote in the ransom note. The note added, "Instructure still has until EOD 12 May 2026 to contact us."
Instructure said on its website that Canvas was "in maintenance mode" late Thursday afternoon. The breach was the second this month involving Instructure. On May 1, the company said it "experienced a cybersecurity incident perpetrated by a criminal threat actor" but contained the situation the next day. Instructure indicated that user names, email addresses and student ID numbers were breached in the May 1 incident. ShinyHunters claimed responsibility for both attacks.
University of California and California State University officials said they are monitoring the breach and gathering information as Instructure works to restore service. UC Berkeley said it was not directly targeted but sent a community-wide email instructing students not to access Canvas until further notice. "We recognize this disruption affects teaching and learning across campus. Students should await instructions from their instructors regarding temporary arrangements for submitting assignments and accessing course materials," the university said.
Anish Garimidi, a junior at the University of Pennsylvania, said he was grateful his professors were accommodating and were sending materials through other means. "The biggest cause of fear and anxiety in me is that I was deprived of significant resources to study and do the best," Garimidi said.
The Acalanes Union High School District in California sent a community-wide email informing families about the cybersecurity incident that disabled the Canvas platform. The district reminded users not to respond to suspicious emails, texts or login requests, not to share passwords or verification codes, and to ignore unexpected account access requests.