Canvas learning platform remains offline following massive student data breach

The Instructure-owned learning management platform, Canvas, is currently down after recently confirming a massive data breach that impacted student names, email addresses, ID numbers, and messages.

Students attempting to access the system on Thursday were met with a message from the notorious hacking group ShinyHunters.

The group claimed responsibility for the attack and criticised the company for ignoring their initial contact in favour of implementing "security patches."

The hackers have issued a stark ultimatum, stating that affected schools have until the end of the day on May 12, 2026, to negotiate a settlement before the stolen data is leaked publicly.

The message included a link to a list of institutions allegedly compromised through the Canvas platform. Currently, the official status page indicates that Canvas, Canvas Beta, and Canvas Test remain unavailable while Instructure investigates the ongoing outage.

The company had previously stated last week that it had deployed patches to enhance system security following the initial breach.

ShinyHunters—a group known for high-profile attacks on companies like Ticketmaster and AT&T—claims that its data leak site contains information from 9,000 schools.

This includes data belonging to an estimated 275 million students, teachers, and staff members. The scale of the breach has sent shockwaves through the educational sector as administrators scramble to assess the risk to their populations.

Security researchers at Bleeping Computer suggest this could be one of the largest academic data thefts in history, as the group continues to leverage compromised credentials to pressure the software provider.