Updated May 7, 2026 / CBS/AP
A major cyberattack knocked Canvas, the learning management system used by thousands of schools and universities, offline Thursday, disrupting finals preparation and everyday coursework and highlighting how dependent education has become on digital platforms.
Cybersecurity researchers say the hacking group ShinyHunters claimed responsibility. Luke Connolly, a threat analyst at cybersecurity firm Emisoft, said the group posted that nearly 9,000 schools worldwide were affected and that billions of private messages and other records may have been accessed. Screenshots provided to reporters show the group threatened to leak data, setting deadlines first on Thursday and again for May 12, which Connolly said suggests extortion discussions could be ongoing.
Instructure, the company that operates Canvas, posted to its status page late Thursday that Canvas was “now available for most users,” but its social media channels had not addressed the incident. Several large universities reported outages or impacts, including Penn State, the University of Wisconsin–Madison, Columbia University, Union College (New Jersey), UCLA, Northwestern University, the University of Chicago, the University of Illinois system and Harvard, among others. Some public school districts also reported interruptions.
Penn State told students that “no one has access” to Canvas and that a resolution was not expected within 24 hours; the university canceled tests scheduled in its Pollock Testing Center for Thursday and Friday. Other institutions scrambled to notify students and parents and to postpone or move assessments.
Canvas is widely used to manage grades, assignments, course notes and lecture videos, so outages can quickly disrupt instruction and assessment. Education systems, rich in digitized records and personal data, have increasingly become targets for criminal hackers; past incidents have affected districts such as Minneapolis Public Schools and the Los Angeles Unified School District.
Connolly said the Canvas attack is similar to a recent breach at PowerSchool, another education software provider. He described ShinyHunters as a loose affiliation of teens and young adults based in the U.S. and the U.K., and noted the group has been tied to other high-profile breaches, including one involving Live Nation’s Ticketmaster subsidiary.
Instructure did not immediately respond to requests for comment from CBS News. School officials and security experts urged students and staff to follow official communications from their institutions while investigations continue.