It could not have happened at the worst time.
The education hub Canvas, used by thousands of schools from elementary school through college, was down for hours this week after hackers accessed the system and obtained data on 275 million people.
The cyberattack occurred as the school year was winding down and students were preparing for end-of-year exams and projects.
ShinyHunters have claimed responsibility for the hack, The Associated Press reported.
The hackers said about 9,000 schools around the world were affected, with billions of private messages and other records accessed, cybersecurity threat analyst Luke Connolly told the AP.
Connolly said hackers started threatening to leak the data on Sunday, with two deadlines to pay — May 7 and May 12.
Canvas, which holds course materials for final exams, was down Thursday, prompting students to ask each other on social media whether they could access the platform.
Massachusetts Institute of Technology student Liane Xu, told CNN her courses use the platform for assignments and grading, as well as lecture videos, notes and study documents and as the school year comes to an end, those files were essential.
“The fact that this one website was the link between teaching staff and students outside of class – I didn’t realize how big of a dependency we had on it until they were scrambling to find our emails,” MIT student Allison Park told CNN. She said that with the system down, professors had to find all of their students’ emails since they had no access to Canvas’ announcement feature.
James Madison University, which was also impacted, moved exams due to the outage.
Instructure, the parent company of Canvas, said late Thursday that it was available for most users, but Canvas Beta and Canvas Test were in maintenance mode, The New York Times reported.
The company said on May 1 that it had a “cybersecurity incident perpetrated by a criminal threat actor.” In a later update, it added that information such as names, emails, ID numbers and messages were accessed.
Instructure’s chief information security officer, Steve Proud, said that passwords, birthdays, government identifiers or financial information did not appear to have been breached and that the threat was “contained,” the Times reported.
“Canvas is fully operational, and we are not seeing any ongoing unauthorized activity,” the company posted on its website on Wednesday, the day before the system was down.
This is not the first cyberattack by ShinyHunters. It has targeted Ticketmaster, Microsoft and AT&T among others, including Infinite Campus and textbook publisher McGraw-Hill, according to the Times.
© 2026 Cox Media Group
