Canvas Learning Platform Hit by Major Ransomware Attack Affecting 275 Million Students
A cybercriminal group called ShinyHunters breached Instructure's Canvas platform, disrupting learning for millions of students and teachers across nearly 9,000 schools worldwide. The hackers are demanding ransom and threatening to leak sensitive data including private messages and student records by May 12.
Massive Education System Breach
Scope of Attack: ShinyHunters claims to have stolen data from 275 million students, teachers, and staff across approximately 9,000 educational institutions, including top universities like Harvard, MIT, and Oxford.
Data Exposed: The breach includes names, email addresses, student ID numbers, and billions of private messages between students and teachers. The hackers claim to have accessed course information and personal conversations. Instructure confirmed no passwords, dates of birth, government identifiers, or financial information were compromised.
Ransom Demand: The group initially set a deadline of May 6, then extended it to May 7, and finally to May 12 for institutions to negotiate. They threatened to leak all data unless ransom is paid. The extended deadline suggests ongoing extortion negotiations.
Impact: Canvas went offline, disrupting coursework at universities and K-12 schools during a critical time for finals and end-of-year assessments. Instructure has since restored Canvas to full operational status but the security breach remains under investigation.
Perpetrators: ShinyHunters is a known loose affiliation of hackers based in the U.S. and U.K. The group has been tied to previous attacks including the Ticketmaster/Live Nation breach.