Students attempting to access grades, study materials and quizzes were met instead with a message from a hacking group on Thursday.
Universities and school systems across the country, from local school districts to Georgetown University, reported a ransom note on the homepage of their schools’ Canvas sites. Canvas is a popular, cloud-based digital hub for classrooms.
Canvas has more than 30 million active users globally, parent company Instructure says on its website, with more than 8,000 institutions as customers. Many of those students are in the middle of a busy Spring finals week.
Several universities across the country, including Columbia University, Rutgers, Princeton, Kent State, Harvard and Georgetown have issued statements alerting students to the hack impacting institutions nationwide. School districts in California, Florida, Georgia, Oklahoma, Oregon, Nevada, North Carolina, Tennessee, Utah and Virginia have also been affected.
This is the second data breach this month among schools and universities. Hacking group ShinyHunters claimed responsibility for both attacks. In the note, reported by different student news outlets, the group demanded ransoms to prevent further data leaks.
“ShinyHunters has breached Instructure (again),” read a warning on a University of Washington student’s account around noon PT, which was seen by CNN. “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”
Instructure said on its website that Canvas was “in maintenance mode” late Thursday afternoon, adding that it was investigating the issue.
On May 1, in a different attack, Instructure said it “experienced a cybersecurity incident perpetrated by a criminal threat actor” but contained the situation the next day. But the company indicated that user names, email addresses and student ID numbers were breached.
“Instructure still has until EOD 12 May 2026 to contact us,” Thursday’s note from the hacking group said.
CNN has reached out to Instructure for comment.
Some students in panic, others welcome deadline extensions
One student impacted by the hack said he was in a panic when he was logged out of his Canvas account while trying to study for finals at the University of Pennsylvania.
“The biggest cause of fear and anxiety in me is that I was deprived of significant resources to study and do the best,” Anish Garimidi, a junior at the university, told CNN.
Garimidi called the incident “very troubling” but said he is grateful his professors “were accommodating and sending materials through other means.”
Another student, a sophomore at Georgetown University, said she returned home to Kentucky last week because all of her remaining projects were online via Canvas. But the digital hub went down Thursday afternoon for students at her school, who were instead greeted by a ransom note, Minhal Nazeer told CNN.
While a lot of students are “freaking out,” others — including her — are happy because the hack means students will have extended deadlines, Nazeer said.
“I was already in a good spot to finish all my papers, so I’m not too bothered by it, but I do see it is helping me a little, because I have gotten some extension. I just have more time to look over my things,” she said.
Melanie Topchyan, a senior at the University of California, Riverside, said she missed a quiz on Thursday due to the hack, which she said is interrupting students’ schedules.
Topchyan has a midterm next week for a “pretty difficult class,” she said, and is worried because she needs access to Canvas to review lecture recordings and notes.
“It is a little bit of a freakout,” she added.
CNN’s Emma Tucker, Sarah Hutter, Ray Sanchez, Maria Aguilar Prieto and Jillian Sikes contributed to this story.
