Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools

Tens of thousands of students studying for final exams around the world Friday regained access to a key online learning system after a cyberattack had earlier knocked it offline, throwing schools and universities into turmoil. Elizabeth Polo was in a creative writing class at the University of Maryland late Thursday afternoon when a classmate shouted, “Canvas got hacked.” A message from a hacking collective flashed on her computer screen. “Our whole class just like was like freaking out about it,” said Polo, a junior. “Our poor professor was trying to get everyone to calm down but it was just kind of chaos.” Across academia, the outage set off panic and confusion as students and faculty members found themselves locked out of a platform they rely on to manage grades and access course notes and assignments. Colleges scrambled to reschedule final exams as students lost any way to access materials they needed to study. Instructure, the company behind Canvas, said in an update late Thursday that the system was available for most users. “Instructure discovered the unauthorized actor involved in our ongoing security incident made changes to the pages that appeared when some students and teachers were logged in,” Instructure said Friday in a statement. “Out of an abundance of caution, we immediately took Canvas offline to contain access and further investigate.” Instructure also said it confirmed that the unauthorized actor exploited an issue related to its Free-For-Teacher accounts. The company has temporarily shut down those accounts. Instructure did not say whether it paid a ransom nor has it said what happened with the compromised data. Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District. Hackers breached data days before the outage A hacking group called ShinyHunters claimed responsibility for the breach at Canvas, said Luke Connolly, a threat analyst at the cybersecurity firm Emsisoft. The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, Connolly said. The message that flashed on Polo’s computer screen urged individual schools to reach out directly to the hacking group to negotiate a settlement and threatened to leak data if they didn’t. She said that Canvas later took that message down, replacing it with a message saying the site was undergoing scheduled maintenance. Just before 1 a.m. Friday, Polo was able to submit an assignment on Canvas, but she now worries personal data has been compromised. Canvas went down just as deadlines were hitting The outage happened just as a deadline arrived for semester-long projects in one of Gwyneth Doland’s journalism classes at the University of New Mexico. “They were a little hyperventilating,” recalled Doland, who extended the deadlines. “None of these platforms are fail-proof. I’m glad that they got that lesson.” That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs. “Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.” Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage. Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day. “The concern is for those of us who were doing the grading if there’s anything left,” Uzat said. Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online. If those assignments and grades could not be recovered, Jang would have given his students full credit. “I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.” A reliance on tech makes schools vulnerable The breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running. “What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology. Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system. “There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.” Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident. ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat. “You fixed it, but you already have the water in the boat,” he said. WRITTEN BY Associated Press More from Associated Press Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House Latest News Build Application Firewalls Aim to Stop the Next Supply Chain Attack Google Detects First AI-Generated Zero-Day Exploit Skoda Data Breach Hits Online Shop Customers Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring SailPoint Discloses GitHub Repository Hack Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested Trending Webinar: ROSI For CPS Security Programs May 13, 2026 In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Malwarebytes has named Chung Ip as Chief Financial Officer. Semperis has appointed John Podboy as Chief Information Security Officer. Randy Menon has become Chief Product and Marketing Officer at One Identity. More People On The Move Expert Insights The Mythos Moment: Enterprises Must Fight Agents With Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense In The Age Of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) Flipboard Reddit Whatsapp Email