Instructure's Canvas learning management system suffered a data breach disclosed on May 7, 2026, taking the platform offline during U.S. college finals period. The hacking group ShinyHunters claimed responsibility, with reports indicating exposure of personal information for over 275 million students, teachers, and staff across nearly 9,000 schools worldwide, including K-12 districts and universities. Instructure stated that no passwords, government IDs, or financial data appear to have been stolen, and the platform has since been restored. Some institutions, including Georgia Tech, advised users not to log back in immediately while investigations continued. The incident has caused significant academic disruption and remains under active review.
- Canvas cybersecurity breach impacting millions of students promp
- Canvas data breach rattles colleges during finals period : NPR
- Nationwide Canvas breach exposes data of 275 million in schools
- Canvas Online Learning Platform Disabled After Breach by Hackers
- ShinyHunters breach Instructure Canvas LMS, claim 275M users and
- Some Canvas Users Receive Ransomware Threat After Data Breach