Overview
- Instructure said late Thursday that Canvas was available for most users following a daylong outage that derailed studying and exams at universities and K–12 districts.
- The hacking group ShinyHunters claimed it breached Instructure and posted ransom notes on Canvas pages that set a May 12 deadline to negotiate or face data leaks.
- Initial findings from Instructure point to access of names, email addresses, student ID numbers and user messages with no evidence so far of passwords, birth dates, government IDs or financial data.
- Universities and school systems placed Canvas in maintenance mode, blocked or redirected access, extended deadlines and warned of phishing, with UC and CSU campuses, Harvard and dozens of others reporting disruptions.
- Coverage and official notices describe impact at nearly 9,000 institutions worldwide, including Australian state schools and TAFE, as national cyber authorities coordinate responses and schools brace for targeted scams and privacy risks.