Canvas learning management system experienced a cyberattack affecting the University of Illinois and thousands of other institutions. Personal data was potentially compromised in the breach, with details indicating wide-scale impact across educational institutions using the platform.
Canvas
Instructure Canvas LMS — used by K-12 and higher-ed for coursework, grading, and SSO.
Recent threats
ShinyHunters exploited a critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft between May 27 and June 9, 2026, affecting over 100 organizations—68% in higher education. The threat group, previously linked to the Canvas breach, gained unauthorized access to student records and other sensitive data. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog and mandated remediation for federal agencies by June 14.
- Colleges hit in cyberattack by group behind Canvas breach, Googl(opens in a new tab)
- ShinyHunters linked to exploitation of critical flaw in Oracle P(opens in a new tab)
- Google warns that ShinyHunters group is exploiting Oracle flaw t(opens in a new tab)
- CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in(opens in a new tab)
A massive cyberattack targeting Instructure's Canvas LMS has been disclosed. The incident represents a significant security event impacting the widely-used educational learning management system, prompting discussions about security vulnerabilities in SaaS platforms used in educational settings.
ShinyHunters breached Instructure Canvas LMS in April 2026, stealing 3.65TB of data affecting approximately 275 million user records across 9,000 educational institutions. The threat group demanded ransom and disclosed the breach using the FFT vector. Canvas is widely deployed across schools and universities globally.
- Canvas Data Breach: How to Stay Safe If Your Info Was Leaked(opens in a new tab)
- Canvas Data Breach: Data Privacy Implications for IHEs(opens in a new tab)
- Canvas Data Breach: Rethinking Cybersecurity for Education(opens in a new tab)
- Will schools answer the Canvas breach’s wake-up call?(opens in a new tab)
Instructure's Canvas learning management system has suffered a major data breach, with the ShinyHunters group claiming theft of approximately 275 million student and staff records spanning more than 7,000 universities and K-12 districts. The stolen dataset reportedly includes years of academic activity, communications, and other personal information tied to student identities. Disruptions to Canvas access during peak exam season led several US universities, including Harvard and Northwestern, to postpone final exams. Reports indicate Instructure paid the ransom demand, though attackers had already exfiltrated the data. Initial access is believed to have involved social engineering targeting identity, consistent with prior ShinyHunters tradecraft. Downstream risks include long-term phishing, impersonation, and identity fraud, particularly for minors whose identities may remain unmonitored for years.
- Canvas breach puts global education cyber risk in focus(opens in a new tab)
- After the Canvas breach, security takes centre stage for SaaS pr(opens in a new tab)
- Attorney General Jeff Jackson Urges North Carolinians to Protect(opens in a new tab)
- Canvas security breach: What the Shiny Hunters attack means for (opens in a new tab)
- Canvas data breach may have exposed millions of student and teac(opens in a new tab)
- How the Canvas data breach further frayed families’ trust in ed (opens in a new tab)
Instructure has confirmed a data breach affecting its Canvas learning management platform that impacted educational institutions globally. The company stated it reached an agreement with the unauthorized actor that resulted in the return and destruction of the accessed data. Affected organizations include Pittsfield Public Schools in Massachusetts, where secondary student progress reports were among the data exposed, and Singapore government-supported institutes, where the Ministry of Education said no sensitive data appears to have been leaked. The full scope of impacted institutions and data categories has not been disclosed, and Instructure is continuing to notify affected customers. Institutions using Canvas should review notifications from Instructure and assess any downstream exposure of student or staff records.
- Pittsfield Public Schools says secondary progress reports impact(opens in a new tab)
- No sensitive data leaked in global Canvas learning platform brea(opens in a new tab)
- No sensitive data leaked in global Canvas breach, Singapore MOE (opens in a new tab)
- Canvas hack: Company pays criminals to delete students’ stolen d(opens in a new tab)
- The Canvas breach proved that prevention is no longer enough | C(opens in a new tab)
- Can You Trust a Hacker's Promise? The Reality Behind the Canvas (opens in a new tab)
Canvas, the Instructure-owned learning management system, was the subject of a hack disclosed in early May 2026 that exposed data from nearly 9,000 schools, including personally identifying information. Reporting frames the incident as part of a broader pattern of edtech breaches affecting student and staff records. Specific attack vectors, threat actor attribution, and the full scope of compromised data have not been detailed in this coverage. Schools using Canvas should monitor for official Instructure advisories, review account activity, and prepare for potential notification obligations. Severity is rated HIGH given the confirmed large-scale exposure of personal data across thousands of institutions.
- Canvas hack exposes schools’ vulnerability to cyberattacks - The(opens in a new tab)
- Canvas hacked: Major data breach impacts schools across US(opens in a new tab)
- What the Canvas cyber breach means for Australia’s schools | The(opens in a new tab)
- Canvas breach highlights growing risks of digital dependence in (opens in a new tab)
- What to do after Canvas data breach: Wisconsin DATCP issues cons(opens in a new tab)
Instructure's Canvas learning management system suffered a data breach disclosed on May 7, 2026, taking the platform offline during U.S. college finals period. The hacking group ShinyHunters claimed responsibility, with reports indicating exposure of personal information for over 275 million students, teachers, and staff across nearly 9,000 schools worldwide, including K-12 districts and universities. Instructure stated that no passwords, government IDs, or financial data appear to have been stolen, and the platform has since been restored. Some institutions, including Georgia Tech, advised users not to log back in immediately while investigations continued. The incident has caused significant academic disruption and remains under active review.
- Canvas cybersecurity breach impacting millions of students promp(opens in a new tab)
- Canvas data breach rattles colleges during finals period : NPR(opens in a new tab)
- Nationwide Canvas breach exposes data of 275 million in schools(opens in a new tab)
- Canvas Online Learning Platform Disabled After Breach by Hackers(opens in a new tab)
- ShinyHunters breach Instructure Canvas LMS, claim 275M users and(opens in a new tab)
- Some Canvas Users Receive Ransomware Threat After Data Breach(opens in a new tab)