A significant cybersecurity incident targeting the Canvas learning management system has sparked concern across schools and universities in the United States. The platform, operated by education technology company Instructure, was hit by a breach that temporarily disrupted access for many users and exposed certain categories of account-related information. Although the attack initially caused widespread uncertainty among students and educators, the company later confirmed that the stolen data had been returned by the threat actors and that normal services had been restored.
Canvas supports millions of users globally and is widely used in both K-12 schools and higher education institutions, making the disruption particularly impactful for academic scheduling and communication.
During the incident, a hacking group known as ShinyHunters claimed responsibility for compromising systems linked to the platform’s parent company. A ransom note appeared on multiple Canvas login pages used by major universities and school districts, including several high-profile institutions.
The attackers reportedly demanded negotiations and set a deadline in early May for responses from affected organizations. Given Canvas’s large user base of more than 30 million individuals across thousands of institutions, the message caused immediate concern about data privacy and system security. In some cases, schools were forced to adjust academic calendars, extend deadlines, or postpone assessments due to temporary access issues.
The company reported that the attackers accessed limited user information, including email addresses, usernames, course names, enrollment details, and internal messaging content. However, it emphasized that sensitive data such as passwords, coursework submissions, and full academic content were not compromised during the breach.
Following the incident, the organization stated it received digital confirmation that the stolen information had been deleted by the attackers. It also noted that no further extortion attempts against customers are expected in relation to this event. Cybersecurity experts and federal authorities assisted in monitoring the situation and supporting affected institutions during the response phase.
Canvas has since been fully restored, with services returning to normal operations shortly after the disruption. The company also announced upcoming webinars to explain the incident in detail and outline improvements to system security. Leadership acknowledged communication challenges during the crisis and issued an apology for the disruption experienced by students and educators.
Moving forward, Instructure says it is focusing on strengthening its infrastructure and enhancing protections to reduce the risk of similar incidents in the future.
In recent years, researchers have been closely studying changes in global fertility rates and…
Dining customs vary across cultures, and two of the most recognized eating styles are…
The eruption of the Hunga Tonga underwater volcano was one of the most extraordinary…
A new comedy film starring RuPaul is gaining attention for its bold mix of…
Pursuing a career in healthcare has long been viewed as a reliable path to…
Artificial intelligence firm Anthropic has moved closer to going public after confidentially submitting paperwork…