Canvas Platform Breach by ShinyHunters Paralyzes Thousands of US Schools, Instructure Confirms

A ransomware breach targeting education technology firm Instructure forced the shutdown of its Canvas learning management system, disrupting instruction across thousands of schools throughout the United States on Thursday. The attackers, operating under the name ShinyHunters, claimed responsibility for the intrusion, which prompted Instructure to proactively sever access to the platform to contain potential damage. The incident represents one of the most significant attacks against educational infrastructure in recent memory, affecting districts that rely on Canvas for daily coursework, grade management, and student communication.

Instructure confirmed the breach and subsequent platform shutdown in a statement, indicating that unauthorized access was detected before the attackers could fully execute their extortion scheme. Security researchers tracking ShinyHunters note that the group has a history of targeting consumer databases and has increasingly focused on high-value institutional victims capable of paying substantial ransoms. The specific scope of data accessed during the breach remains under investigation, though the group reportedly attempted to negotiate payment in exchange for deleting stolen information rather than publishing it.

The attack on Canvas raises urgent questions about the security posture of centralized educational technology platforms, which often hold sensitive student data, financial information, and institutional records. Schools districts already grappling with resource constraints now face the burden of transitioning to backup systems while assessing whether their own networks were compromised through Canvas integration. Federal cybersecurity authorities have previously warned that educational institutions face elevated targeting from ransomware groups due to historically limited security investments and the high value of academic data on illicit markets. Instructure has not disclosed whether it received or intends to pay a ransom demand.