Global Cyberattack Disrupts Canvas Learning Management System, Affecting Thousands of Schools

Severity: High (Score: 67.2)

Sources: Statecollege, Ndsmcobserver

Summary

A cyberattack on Canvas, a widely used learning management system, led to significant disruptions across thousands of educational institutions. The attack, attributed to the hacking group ShinyHunters, caused Penn State University to cancel final exams and prompted similar responses at other affected schools. Canvas was taken offline on May 7, 2026, after unauthorized activity was detected, impacting nearly 9,000 schools worldwide. Instructure, the parent company of Canvas, confirmed that personal information of users was accessed, although sensitive data like passwords and financial information were not compromised. As of May 8, 2026, Canvas services were restored for most users, but institutions are still adjusting grading deadlines and protocols due to the outage. The FBI and U.S. Cybersecurity and Infrastructure Security Agency have been notified of the incident. Key Points: • Canvas, used by nearly 9,000 schools, was taken offline due to a cyberattack by ShinyHunters. • Penn State canceled final exams as a direct result of the Canvas outage, affecting graduation timelines. • Instructure confirmed unauthorized access to personal user information but no sensitive data like passwords.

Key Entities

• Data Breach (attack_type)
• Harvard (company)
• Instructure (company)
• Los Angeles Unified School District (company)
• Minneapolis Public Schools (company)
• Penn State (company)
• United Kingdom (country)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• Canvas (tool)