Canvas Learning Platform Hit by Ransomware Attack During Finals Week, 275 Million Records Exposed

The Canvas learning management system was hit by a ransomware attack during finals week in May 2026, disrupting students and educators at universities and K-12 schools across the country.

The attack was carried out by the hacking group ShinyHunters. Up to 275 million records may have been exposed, including student names, student IDs, email addresses, and private messages sent through the platform.

The University of Washington confirmed that its Canvas instance was taken offline due to a security incident. The university said it was conducting a security assessment and working to restore access.

A hacker connected to the breach claimed to have stolen 280 million records from thousands of schools that use Canvas, which is operated by Instructure.

The timing of the attack, during finals week, caused significant disruption. Students were unable to access course materials, submit assignments, or take online exams. Some schools scrambled to find alternative ways to administer tests.

Cybersecurity experts say educational institutions are frequent targets for ransomware attacks because they hold large amounts of personal data and often have limited security budgets.

Instructure has not publicly confirmed the full scope of the breach. The company said it is working with law enforcement and cybersecurity experts to investigate the incident and secure its systems.

Students and faculty affected by the breach are advised to monitor their accounts for unusual activity and consider placing a fraud alert with the major credit bureaus.