An educational platform used by thousands of schools and universities worldwide was partially restored on Friday after a sweeping cyberattack disrupted access for millions of students preparing for final exams, triggering fears over one of the largest education-related data breaches in recent years.
Canvas, the online learning platform operated by Instructure, suffered widespread outages after the hacking group ShinyHunters claimed responsibility for breaching the system and threatening to leak sensitive student data unless negotiations took place before May 12. The hackers said they had accessed information linked to nearly 9,000 educational institutions globally, including universities in the US, UK, Canada, Australia and parts of Europe.
The disruption forced universities and schools to suspend online coursework, delay examinations and issue emergency advisories to students and faculty members as login portals went offline during one of the busiest periods of the academic year. Several institutions temporarily blocked access to Canvas entirely while cybersecurity teams assessed potential exposure risks.
Instructure said most services had been restored, though some testing and beta systems remained under maintenance as investigators continued to examine the scope of the intrusion. The company acknowledged that attackers gained access through vulnerabilities tied to “Free-For-Teacher” accounts, a version of Canvas widely used for independent educational access.
The company has not confirmed the full number of affected users, but cybersecurity researchers and media reports estimated that data linked to hundreds of millions of students, teachers and academic staff may have been exposed. The compromised information reportedly includes names, email addresses, student identification numbers and private communications exchanged through the platform. Officials said there was no evidence that passwords, financial details or government identification records had been stolen.
The attack rapidly escalated into an international education crisis because Canvas is deeply embedded in the centralized digital infrastructure of universities and schools across multiple countries. In the US alone, the platform is used by a significant share of higher education institutions, including several Ivy League universities. Student newspapers and local media outlets at Harvard, Duke, UCLA, Princeton and the University of Pennsylvania reported outages and unauthorized messages appearing on login pages.
Australian universities also reported disruptions, with some institutions granting assignment extensions and advising students to remain alert for phishing emails or scams linked to the breach. Authorities in Australia and Europe coordinated with cybersecurity agencies as institutions disconnected internal systems from Canvas to limit potential damage.
The hacking group ShinyHunters has previously been linked to several high-profile cyberattacks targeting corporations, universities and technology firms. The group often combines data theft with ransom demands, threatening public leaks if victims refuse to negotiate. Cybersecurity analysts said the Canvas breach reflects a growing trend in which hackers target centralized digital infrastructure used by schools, healthcare providers and government institutions.
The timing of the attack amplified the disruption. Many universities were in the middle of final examinations and end-of-semester grading, leaving students unable to submit assignments or access course materials for hours. Professors and administrators scrambled to switch to email communication and alternative platforms while IT teams monitored network security.
Experts warned that the incident could deepen concerns about the concentration of educational data within a handful of private technology platforms. Over the last decade, universities worldwide accelerated their dependence on cloud-based systems for coursework, exams, attendance tracking and communication, creating attractive targets for cybercriminals.
The breach also renewed debate over the accountability of education technology providers handling sensitive student information. Critics argued that schools and governments have increasingly outsourced critical academic infrastructure to corporations without imposing sufficiently strict cybersecurity oversight.
Cybersecurity researchers said the attack demonstrated how digital education systems can become vulnerable pressure points capable of disrupting national education networks within hours. Analysts compared the breach to earlier attacks on healthcare and public infrastructure systems, warning that educational institutions often lack the resources needed to defend against sophisticated cybercrime operations.
While Canvas services have largely returned online, investigators are still assessing whether stolen data has been copied or transferred outside company systems. The FBI and multiple international cybersecurity agencies are reportedly monitoring the incident as schools prepare for the possibility of phishing campaigns, identity fraud attempts and further extortion threats linked to compromised user information.
The incident comes amid rising global concern over cyber warfare, digital surveillance and attacks targeting essential public infrastructure. Universities and schools increasingly store massive amounts of personal data through centralized AI systems and online systems, making them lucrative targets for organized hacking groups seeking leverage through ransom operations.
For millions of students already facing exam pressure and academic deadlines, the attack exposed how deeply modern education now depends on fragile digital infrastructure, and how quickly those systems can become vulnerable during a coordinated cyber assault.
