May 26, 2026, 12:00 UTC
A sweeping cyberattack on Instructure’s Canvas learning management system — used by thousands of schools and universities across the United States — has left millions of students and educators exposed just as final exams are underway. The hack, claimed by the ShinyHunters ransomware group, has disrupted coursework, endangered personal data, and prompted federal investigations.
Breach Details
The attack was discovered on May 7, 2026, when students and faculty across multiple institutions logged into Canvas and found a message from the hackers: “ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches.'” The group had exploited a vulnerability in Canvas’s Free-For-Teacher accounts to gain access to the platform.
Instructure, Canvas’s parent company, confirmed the breach and said it took the system offline temporarily “out of an abundance of caution.” The company said it has restored Canvas access but shut down Free-For-Teacher accounts indefinitely. The platform serves more than 30 million active users across the United States, Canada, and beyond.
Threat intelligence firm Ransomware.live posted copies of ransom communications showing ShinyHunters claimed to hold data on 275 million individuals from nearly 9,000 schools. The group set a deadline of May 12, 2026, for schools to contact them about settlement before any data release — a deadline that has since passed.
Universities Respond
Harvard University, where the breach was first reported by the Harvard Crimson, was among the institutions most acutely affected. Students reported being unable to access coursework, grades, and exam materials during a critical period of the semester. Other major schools — whose names appeared on a leaked list published by the hackers — scrambled to implement contingency academic plans.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is coordinating with Instructure and affected school districts. The FBI has opened an investigation into the breach, which is being treated as both a data theft and extortion case.
Ongoing Threat
Security researchers say the breach represents one of the largest attacks on educational infrastructure in U.S. history. The exposed data could include student names, email addresses, grades, and in some cases Social Security numbers — depending on the school and what information is stored on Canvas.
ShinyHunters, a known ransomware and data theft group, has previously been linked to breaches at numerous companies. The group operates on a ransomware-as-a-service model and is known for publishing stolen data when ransom demands are not met.
📌 Americas Breaking News — Carlos Mendez | May 26, 2026
US school cyberattack: ShinyHunters breach Canvas LMS — 275M individuals’ data at risk from 9,000 schools. Finals disrupted. FBI investigating.
