ShinyHunters Forces Canvas Offline, Holding 275 Million Education Records Hostage

A major cyberattack by the ShinyHunters threat group has forced Instructure to take the Canvas learning management system offline, disrupting educational operations nationwide. The breach compromised sensitive data belonging to 275 million students and faculty, with attackers defacing login pages and holding the massive trove of personal information hostage. The sudden takedown left educational institutions scrambling as students and staff lost access to coursework, grades, and critical academic systems with little warning.

ShinyHunters, a well-established cybercriminal operation with a track record of high-profile breaches, claimed responsibility for the intrusion. The attackers reportedly defaced Canvas login pages before Instructure pulled the platform offline in response to the incident. The reported figure of 275 million affected individuals would place this among the largest education-sector data compromises on record. Instructure has not yet publicly disclosed the full scope of exposed data types, specific ransom demands, or a timeline for restoring services.

The incident highlights the acute vulnerability of centralized education technology platforms to ransomware and data extortion campaigns. Canvas serves as the primary learning management system for thousands of schools, colleges, and universities, positioning it as a high-value target for threat actors seeking leverage over institutions with limited tolerance for operational downtime. The breach raises urgent questions about security practices at ed-tech providers and the potential long-term exposure of student and faculty personal information. As investigations proceed, affected institutions face mounting pressure to communicate with stakeholders while assessing the extent of data exposure and academic disruption.