A major cyber security breach involving the educational platform Canvas has disrupted schools and universities across the United States, with reports suggesting some institutions have directly contacted hackers in an effort to prevent stolen data from being leaked.
Read More: Canvas warns schools after major student data breach
According to Reuters, the hacking group ShinyHunters claimed responsibility for the attack and alleged it had stolen approximately 6.65 terabytes of data linked to nearly 9,000 schools worldwide.
ShinyHunters ransomware attack disrupts 9,000 schools and universities worldwide, impacting Canvas during finals and delaying exams in multiple countries.
The hackers now threaten to leak data from 275 million students and staff. They have set a ransom deadline for May 12, 2026.… pic.twitter.com/bZVmpBxICH
— Bloom Pakistan (@bloom_pakistan) May 9, 2026
The group said the compromised information included student names, email addresses, ID numbers, and private messages exchanged between students, teachers, and staff.
Canvas, owned by Instructure, is widely used by schools and universities for assignments, classroom communication, grading, and academic resources. The platform reportedly has around 30 million active users globally.
Instructure confirmed it was investigating a cybersecurity incident after detecting unauthorised activity. The company later said the breach involved data from its Free-for-Teacher service, which allows educators and users to test certain platform features.
Hackers reportedly inserted messages visible to some logged-in users, including links to a list of allegedly affected schools. In response, Instructure temporarily took parts of the platform offline, including Canvas Beta and Canvas Test, while restoring the main service hours later. The company said Canvas is now operational again, though some services remain in maintenance mode as security reviews continue.
The Federal Bureau of Investigation acknowledged awareness of a breach affecting the US education sector, though it did not directly name Canvas.
Reports indicate that some school districts and universities may have reached out to the hackers after a public demand was made inviting affected institutions to negotiate to stop data publication. The incident has raised alarm across classrooms, particularly as students prepare for end-of-year assignments and examinations.
Read More: Pakistan launches real-time system to track cyber attacks
Cybersecurity experts say the breach highlights the growing vulnerability of education systems, which increasingly rely on digital platforms to manage sensitive academic and personal information.