A widespread cyber incident targeting Canvas, the learning management platform owned by Instructure, disrupted universities and schools across the United States, Canada and Australia this week, with institutions reporting blocked access during final assessments. The outage, attributed to the hacking group ShinyHunters, affected an estimated 9,000 institutions and raised urgent concerns over digital resilience in education.
What Happened
Problems escalated through the week as students and faculty in multiple countries lost access to coursework systems hosted on Canvas. By late Thursday, Instructure said the platform was available again for most users, but several campuses continued to report service issues into Friday. Universities described the disruption as severe given the timing near end-of-semester examinations and assignment deadlines.
The University of Sydney told students on Friday that Canvas remained unavailable and instructed them not to try signing in while administrators awaited further guidance from Instructure. In the United States, Penn State informed students that nobody could access Canvas and cautioned that restoration was unlikely within 24 hours. The university also cancelled some exams scheduled for Thursday and Friday as academic staff scrambled for alternatives.
Canadian institutions reported similar interruptions. The University of British Columbia said Thursday evening that Canvas was unavailable because of a cyber breach involving Instructure and advised students to log out immediately. The University of Toronto also confirmed it had been affected, noting that multiple universities were facing the same problem. In California, students at UCLA struggled to upload assignments, while the University of Chicago temporarily disabled its Canvas page after reports that it had been targeted.
Impact & Consequences
The disruption immediately hit core academic operations, especially assessment and assignment submission systems that are now central to university teaching models. At institutions in active exam periods, students faced uncertainty over deadlines, grading, and make-up tests. Faculty and administrators were forced to shift quickly to manual communication and contingency plans, exposing how deeply higher education depends on a few digital service providers.
The incident also appeared to include an extortion element. The Chicago Maroon, a student-run newspaper, published an image of a message allegedly from ShinyHunters urging the university to make private contact to negotiate a settlement and avoid release of data. Luke Connolly, a threat analyst at cybersecurity firm Emsisoft, told the Associated Press that screenshots indicated threats began on Sunday, with deadlines set for Thursday and 12 May. He added that payment negotiations could still be underway.
Background & Context
Canvas is among the most widely used academic software platforms globally, making it a high-value target for cybercriminals because outages can halt teaching and assessment simultaneously across thousands of institutions. The scale of this event reflects a broader pattern in which threat groups increasingly target essential digital infrastructure in sectors that cannot easily pause operations, including education, healthcare and local government.
The breach also unfolded amid broader political concern over cyber readiness. On the same day universities reported widespread disruptions, US Senate Democratic leader Chuck Schumer sent a letter to the Trump administration urging stronger protection against rapidly evolving cyber threats in the AI era. In the letter, Schumer said the Department of Homeland Security must move immediately to support states and local governments before outages and attacks place lives and livelihoods at risk.
International Response
Institutional responses were immediate but fragmented, with universities issuing campus-by-campus advisories, temporary shutdowns, and exam changes while waiting for central updates from Instructure. Messages from universities in Sydney, Vancouver, Toronto, Pennsylvania, Chicago and Los Angeles reflected the same instruction pattern: avoid login attempts, monitor official notices, and prepare for altered deadlines or rescheduled assessments.
At the policy level, attention has shifted to preparedness and coordination. Schumer’s intervention highlighted pressure on US federal agencies to increase support for local authorities facing cyber disruption. Security analysts have also pointed to the cross-border nature of the Canvas outage as a reminder that attacks on shared software providers can quickly become international incidents, requiring tighter cooperation between technology companies, regulators, and educational institutions.
What to Expect Next
In the coming days, institutions are expected to continue restoring full access, revising assessment schedules and reviewing whether any sensitive data was exposed. Further statements from Instructure and affected universities will likely clarify the scope of the breach and timeline of recovery. Investigators will also focus on whether extortion demands were made broadly, whether negotiations occurred, and what additional safeguards are required before the next academic peak period.
