Overview
- Canvas went into maintenance mode Thursday after a hacker note appeared on login pages that set a May 12 deadline, cutting off access at universities and school systems across the U.S.
- Instructure reported that exposed data so far appears limited to names, email addresses, student ID numbers and private Canvas messages, with no evidence of passwords, dates of birth, government IDs or payment details.
- Colleges including UC and CSU campuses, Harvard, Duke and Penn, plus K–12 districts and Australian providers, warned of disruptions to exams and coursework and told users to expect phishing attempts.
- ShinyHunters claims it took data tied to nearly 9,000 institutions and hundreds of millions of people, a scale investigators have not verified as schools and national cyber agencies review the impact.
- Institutions said the ransom message was later replaced by a maintenance notice, and Instructure said it rotated keys, revoked credentials and brought in outside forensics and law enforcement as many schools temporarily blocked Canvas and shifted class work to other channels.