Overview
- Canvas pages showed ransom notes Thursday, and Instructure put the learning platform into maintenance as students and staff were locked out.
- Instructure disclosed additional unauthorized changes on May 7 and said it is restoring access after cutting off the attacker’s routes and starting a forensic review.
- ShinyHunters claimed roughly 3.65 TB of data tied to about 9,000 schools with a May 12 deadline for contact to avoid a public release.
- The company says exposed data include names, email addresses, student ID numbers plus private Canvas messages, with no evidence of leaked passwords or financial or government IDs.
- Universities such as Harvard, Stanford, Penn and Georgetown reported disruptions, and Spain’s UOC delayed coursework and alerted Catalan cyber and data regulators.