Read, Watch or Listen

United States – The U.S. education sector faces a large-scale data extortion threat after the criminal hacking group ShinyHunters claimed to have stolen 3.6 terabytes of data from Instructure’s Canvas learning management system and set a final ransom deadline of May 12, 2026. The group says the breach affects roughly 275 million users across nearly 9,000 U.S. school systems, spanning universities and K-12 districts, and involves names, email addresses, student ID numbers and several billion private messages. The incident was first detected on May 7, 2026, and prompted a temporary shutdown of the Canvas platform as Instructure investigated the intrusion and worked to restore services. United States – Instructure reported that many universities and school districts found a ransom note posted on their Canvas homepages, as the hackers demanded an undisclosed settlement and threatened to publish the full database if the company does not pay by the May 12 deadline. The company’s investigation determined that the attackers exploited a vulnerability in Canvas’s Free-For-Teacher accounts, which allowed users to create accounts without institutional verification and use them to traverse trust boundaries into institutional tenants. Canvas services were restored by May 8, but the outage disrupted exam schedules and assignment deadlines nationwide, and Instructure has temporarily disabled the Free-For-Teacher feature as a security measure while the response continues.

Prepared by Emily Rhodes and reviewed by editorial team.