Canvas Platform Crippled by Cyberattack—Ransom Demand Threatens 275 Million Student Records

By

Breaking: The Canvas learning management system was taken offline today after hackers defaced its login page with a ransom note, threatening to release data on 275 million students and faculty from nearly 9,000 institutions. The attack, claimed by the cybercrime group ShinyHunters, has disrupted final exams and coursework across the United States.

Instructure, Canvas's parent company, disabled the platform mid-day Thursday after users reported seeing the extortion message. The company replaced the login portal with a notice of scheduled maintenance, but sources confirm this is a direct response to the ongoing breach.

"This is an active and fast-moving situation," said Dr. Elena Torres, a cybersecurity analyst at the University of Texas. "The disruption to educational operations during finals week is severe, and the threat to leak such a massive dataset is unprecedented."

Background

Canvas is used by thousands of school districts, colleges, and businesses to manage assignments, grades, and communication. On May 6, Instructure confirmed that ShinyHunters had accessed user data, including names, email addresses, student ID numbers, and private messages. The company stated it found no evidence of stolen passwords, birth dates, or financial information.

ShinyHunters originally set a ransom deadline of May 6, later extended to May 12. Despite Instructure's claim that the incident was contained, today's defacement proves attackers retained access or used previously stolen credentials to alter the login page.

What This Means

For universities and school districts in the middle of final exams, the outage could delay grading, prevent submission of assignments, and disrupt communication. The ransom note advised individual institutions to negotiate their own payments to avoid data publication—regardless of whether Instructure pays.

"If ShinyHunters publishes even a fraction of the claimed 275 million records, the privacy implications for students and faculty are enormous," warned Marcus Reed, a data breach response specialist with SecureEd. "This attack underscores the fragility of centralized education technology."

Instructure has not announced a timeline for restoring service. Updates were promised on their status page, but as of now, the platform remains offline. Students and educators are urged to check institutional channels for alternative instructions.

Related Articles

• Critical 'Copy Fail' Linux Kernel Flaw Exposes Millions to Stealthy Root Takeover
• Ex-NSA Chief Chris Inglis Admits ‘Failure of Enculturation’ Led to Snowden Leaks; Warns CISOs of Insider Threats 13 Years Later
• Protecting Your ASP.NET Core Applications: Applying the .NET 10.0.7 Out-of-Band Security Patch
• Ransomware in 2025: 7 Key Trends and Tactics Reshaping the Threat Landscape
• SailPoint Confirms Unauthorized Access to GitHub Repository, Data Remains Secure
• AI-Powered Tool Unveils 271 Firefox Security Holes: Largest Single Batch in History
• Your Roadmap to Becoming a Cybersecurity Consultant in 2025
• Ex-Ransomware Negotiators Sentenced to Four Years for Role in BlackCat Attacks