The widely used Canvas learning management system was hacked on May 7, according to a report by Reuters. As per the report, multiple US college newspapers reported the hacking incident. The data breach also disrupted access to coursework, grades and exam materials during finals week, leaving students and faculty across thousands of institutions unable to log in. The incident, now being called the 2026 Canvas security incident, is an ongoing cybersecurity breach affecting Canvas LMS, a learning management system operated by Instructure. In early May, Instructure disclosed it was investigating a cybersecurity incident involving certain user data, including names, email addresses, student ID numbers, and messages among users. The company said it found no evidence that passwords, dates of birth, government identifiers, or financial information were involved.The report by Reuters also revealed that the hacker group called ShinyHunters claimed the responsibility for the attack, posting ransom notes on Canavs login pages. The criminal hacking group ShinyHunters, which reportedly formed in 2019 and operates on a “pay or leak” framework to extort companies and institutions, has claimed responsibility for the breach. On May 7, Canvas, Canvas Beta, and Canvas Test were placed into maintenance mode while Instructure investigated the issue. The ransom message left on Canvas pages read in part: “ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”The group warned universities to negotiate by May 12 or risk having stolen data leaked. Reports also suggest that the hackers may have accessed records from more than 9,000 schools, potentially exposing names, email addresses, student IDs, and internal messages.
Impact on universities
Several prominent institutions reported outages:* Harvard Crimson said students were locked out of Canvas.* Daily Pennsylvanian confirmed ransom demands appeared on Penn’s Canvas portal.* Duke Chronicle reported widespread disruption across Duke University.* Other affected schools include UCLA, University of Nebraska, and University of Missouri system, highlighting the scale of the breach.
What the company about the hacking attack
Canvas parent company Instructure placed the platform into maintenance mode while investigating. The company said there is no evidence that passwords, financial records, or government identifiers were compromised, but it has not confirmed the full extent of the breach. Universities have advised students not to engage with hacker messages or click links displayed on login pages.
