Canvas is down as ShinyHunters threatens to leak schools’ data
Canvas outage after breach; ShinyHunters demands ransom by May 12.
Canvas, the popular learning management system owned by Instructure, suffered a major breach attributed to the ShinyHunters hacking group. The attackers claim to have stolen data including student names, email addresses, identification numbers, and messages from approximately 9,000 educational institutions, affecting 275 million individuals. The group posted a ransom message on Canvas's login page, warning that if no settlement is reached by May 12, 2026, all data will be publicly leaked. ShinyHunters, known for previous high-profile attacks on Ticketmaster, AT&T, and Rockstar Games, stated that Instructure ignored initial contact and only deployed "security patches" instead of negotiating.
Instructure has taken Canvas, Canvas Beta, and Canvas Test offline, placing them in maintenance mode. The company's status page says they anticipate being back up soon. Last week, Instructure acknowledged the breach and said it had deployed patches to enhance system security. This incident adds to a growing list of cybersecurity failures in the education sector, exposing millions of students and staff to potential identity theft and privacy violations. Schools now face the difficult choice of negotiating with hackers or risking a massive data dump.
- ShinyHunters claims to have breached Canvas, stealing data from 9,000 schools and 275 million students/teachers.
- Hackers are demanding ransom by May 12, 2026, threatening to leak all data if demands are not met.
- Instructure responded by placing Canvas in maintenance mode and deploying security patches, but platform remains down.
Why It Matters
Education sector faces largest breach ever; schools must balance ransom risks against privacy fallout.