Canvas Platform Knocked Offline by ShinyHunters Ransom Demand, Forcing US Universities to Reschedule Final Exams

A cyberattack on Instructure's Canvas platform has disrupted final exams at universities across the United States, after the ShinyHunters cybercriminal group claimed to have breached the education software provider for a second time. Students attempting to access course materials and tests this week were met with a ransom message directly from the attackers, who accused Instructure of refusing to negotiate after a previous breach. The incident forced dozens of institutions to delay or reschedule assessments during one of the most critical periods of the academic year.

The ShinyHunters message, which appeared to students navigating Canvas on Thursday, stated that the group had breached Instructure "again" after the company failed to engage in ransom negotiations following an earlier intrusion last week. The note urged affected schools to contact the hackers directly and set a May 12 deadline for payment. Instructure responded by removing the message and taking the entire Canvas platform offline for several hours, replacing it with an "under maintenance" landing page. The company has not publicly confirmed the full scope of the breach or whether student and institutional data was compromised.

The outage rippled through state schools and large universities nationwide, with administrators scrambling to notify students about exam delays and platform instability. Canvas serves as a central hub for teaching materials, assignments, readings, and assessments at thousands of educational institutions, making any prolonged disruption a significant operational and academic risk. The incident raises urgent questions about the security posture of third-party education technology providers and the vulnerability of academic operations to ransomware extortion campaigns. As the May 12 deadline approaches, institutions face pressure to assess potential data exposure while maintaining academic continuity.