A major cyberattack caused chaos across schools and colleges in the US just as students were preparing for their final exams. The online learning platform Canvas experienced a disruption that forced many institutions to postpone or reschedule tests. The incident highlighted ongoing concerns about cybersecurity in education technology.

What Happened During the Attack

On Thursday, Canvas’s parent company Instructure detected suspicious activity on its network and decided to take the platform offline temporarily. The company confirmed that the breach was caused by a cybercriminal group responsible for a recent data leak. The attackers accessed user names, email addresses, student IDs, and messages exchanged on the platform.

Fortunately, Instructure stated that no passwords, birth dates, government IDs, or financial information appeared to be compromised. The threat actor, identified as a ransomware group called ShinyHunters, claimed responsibility for the breach. They also posted a ransom demand on the dark web, which Instructure refused to pay, encouraging schools to handle negotiations directly with the attackers.

Impact on Schools and Students

The cyberattack led to widespread disruptions across schools and universities. The University of Illinois postponed all final exams and assignments scheduled for the weekend. Meanwhile, the University of Massachusetts Dartmouth extended or rescheduled upcoming exams to accommodate the disruption. The University of California system also issued directives to its campuses to manage the situation, emphasizing the importance of student safety and exam integrity.

Students attempting to log in to Canvas on Thursday saw ransom messages and were unable to access their coursework. The outage caused confusion and frustration as schools scrambled to respond to the crisis. Some institutions, recognizing the severity, decided to cancel or delay final assessments to ensure fairness and security.

This incident underscores the vulnerability of online education platforms and the growing threat of cybercriminal groups targeting educational institutions. The disruption also raises questions about how schools can better protect digital infrastructure and student data from future attacks.

Broader Context of Cyberattacks in Education

The Canvas breach is not an isolated case. Last year, PowerSchool, another widely used learning platform, disclosed a breach that exposed years’ worth of sensitive student data. That incident involved personal information like names, addresses, and disciplinary records. These attacks show how cybercriminals are increasingly targeting education technology providers to access valuable data.

ShinyHunters has a history of operating as a loose collective, stealing data from various cloud providers and selling or using it in follow-up breaches. In 2024, they compromised Snowflake, a cloud storage service, and used the stolen credentials to attack other companies, including TicketMaster. The pattern indicates a rising trend of cyberattacks aiming at the education sector’s digital resources.

As schools adopt more online tools and platforms, the importance of robust cybersecurity measures becomes even clearer. Ensuring the safety of student and staff information, as well as maintaining the integrity of exams, are critical challenges for educational institutions moving forward.

Inspired by

• https://arstechnica.com/security/2026/05/chaos-erupts-as-cyberattack-disrupts-learning-platform-canvas-amid-finals/

Sources

• instructure.com
• instructure.com
• suntimes.com
• cbsnews.com
• kqed.org