Instructure, the parent company of the education platform Canvas, has taken the system offline after hackers defaced its login page with a ransom demand, disrupting classes and coursework at thousands of U.S. school districts and universities. The attack comes just days after the company confirmed a data breach affecting 275 million students and faculty across nearly 9,000 institutions.
“This is a coordinated extortion attempt timed to maximize chaos during end-of-year exams,” said Dr. Elena Torres, a cybersecurity analyst at the Institute for Digital Education. “The attackers are leveraging both stolen data and service disruption to pressure schools into paying.”
ShinyHunters, the cybercrime group claiming responsibility, initially set a payment deadline for May 6 but later extended it to May 12. The group threatened to leak private messages, names, email addresses, and phone numbers unless demands were met, according to a screenshot shared by a reader.
Background
On May 6, Instructure acknowledged a breach involving “certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users.” The company stated that no evidence of compromised passwords, dates of birth, government IDs, or financial data had been found.
“At this stage, we believe the incident has been contained,” Instructure wrote in a previous update, adding that Canvas was fully operational. However, by mid-day Thursday, students and faculty reported seeing a ransom note from ShinyHunters replacing the login page, prompting Instructure to pull the platform offline and display a “scheduled maintenance” message.
ShinyHunters claims the stolen data includes billions of private messages, though the company’s investigation has not confirmed those details. The group had previously targeted other EdTech platforms, making this a familiar but escalated threat.
What This Means
The timing of the outage—during final exam season—amplifies the crisis. A prolonged disruption could delay grading, graduation, and course completions for millions of students. Many schools lack offline backup systems, forcing administrators to scramble for paper-based alternatives.
“If Canvas remains down for more than a day, the academic calendar for affected institutions will suffer serious setbacks,” Torres warned. “It’s not just inconvenience—it’s a logistical nightmare during the most critical time of the year.”
Beyond immediate chaos, the breach poses long-term privacy risks. While Instructure downplays the sensitivity of the data, security experts say that student IDs and internal messages can fuel identity theft, phishing, and social engineering attacks. Schools are now advising families to monitor credit reports and be wary of unsolicited communications.
Instructure has not announced a timeline for restoration. The company’s status page currently reads: “We anticipate being up soon, and will provide updates as possible.” Until then, 9,000 educational institutions and 275 million users remain in limbo—with exams on hold and private data in the hands of extortionists.