Student LMS 'Canvas' Goes Dark Worldwide: Hackers Demand Ransom or Leak Student Data By May 12

Canvas, one of the world's most widely used student learning platforms, was hit by a major cyberattack that disrupted services globally and exposed sensitive student and staff data.

The attack, according to reports, targetedInstructure, the company behind Canvas, which is used by thousands of schools, colleges and universities for coursework, exams, messaging and grading systems.

The hacker groupShinyHuntershas claimed responsibility for the breach and is threatening to leak the stolen data unless negotiations begin before 12 May 2026.

The incident caused widespread outages across educational institutions in the United States, Australia and other regions, with many students unable to access assignments, lecture notes or examination materials during finals season.

The reports said that users attempting to log in to Canvas were redirected to ransom-style messages allegedly posted by the attackers. The messages warned schools and Instructure to contact the group before 12 May or face the public release of the stolen information.

Inside Higher Ed reported that the hackers threatened to publish 'several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other [personal identifying information]'.

The group claims the breach affects data linked to nearly 9,000 educational institutions and as many as 275 million users worldwide, although the full scale has not been independently verified.

Cybersecurity researchers noted that ShinyHunters has previously been linked to high-profile breaches involving major corporations, including attacks targeting cloud and telecommunications firms.

Instructurehas confirmed that the compromised information includes names, email addresses, student ID numbers and messages exchanged within Canvas systems. The company said there was currently no evidence that passwords, financial information or government-issued identification numbers had been exposed.

TechCrunch reported that samples of the allegedly stolen data included private communications between students and staff, as well as institutional records from schools in the United States.

Source: International Business Times UK