Canvas offline as ShinyHunters demands settlement over 275 million student records
The hacking group claims to have accessed names, email addresses, and ID numbers from 9,000 schools, forcing a widespread outage across major universities.
Instructure has taken its learning management platform, Canvas, offline following a ransom demand from the extortion group ShinyHunters. The outage, which began on Thursday, 7 May 2026, was triggered by a message posted on the system threatening to leak sensitive data belonging to approximately 9,000 schools and 275 million students by the end of the day.
The ransom note, which appeared on Canvas systems globally, asserts that the group has successfully breached student names, email addresses, ID numbers, and messages. ShinyHunters indicated that they ignored previous security patches deployed by Instructure and instead proceeded to extract the data, demanding a settlement to prevent its public release.
In response to the threat, Instructure confirmed the breach and immediately placed Canvas, Canvas Beta, and Canvas Test into maintenance mode. The company stated on its status page that it is currently deploying security patches and anticipates restoring services soon, though a specific timeline for full restoration remains uncertain.
The disruption has already impacted major educational institutions, with reports of access issues surfacing at Harvard University and the University of California Irvine. At Harvard, students lost access to the platform at approximately 3:30 PM, with the site redirecting to the ShinyHunters message. Meanwhile, students at the University of California Irvine began receiving pop-up notices displaying the ransom demand later in the day.
ShinyHunters is an established extortion group known for targeting major organisations worldwide, having previously claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel. The group's data leak site reportedly contains records from the affected schools, including details on teachers and staff members in addition to students.
While Instructure had recently confirmed a massive data breach and stated it deployed patches to enhance system security, the group's actions have forced a complete shutdown of the service. The company has advised affected schools to consult cyber advisory firms if they wish to negotiate a settlement to prevent the potential leak of the compromised data.
