A sweeping cyberattack targeting the widely used Canvas learning platform has thrown universities and schools across the US, Canada, Australia and several other countries into chaos, disrupting final exams, blocking access to coursework, and intensifying fears over what cybersecurity experts are calling one of the most severe education-sector breaches in modern history.
The attack, allegedly carried out by the notorious hacking collective ShinyHunters, affected institutions relying on Canvas, the cloud-based learning management system operated by Instructure. Universities from Sydney to Chicago scrambled to suspend exams, warn students against logging into compromised systems, and assess whether sensitive academic data had been exposed. Reuters reported that the breach may have affected nearly 9,000 institutions globally.
The disruption came during one of the most critical periods of the academic calendar, with many institutions in the middle of final assessments, grading submissions and graduation preparations. Thousands of students suddenly found themselves unable to submit assignments, retrieve coursework or communicate with instructors after the Canvas cyberattack pushed systems offline worldwide.
In Australia, the University of Sydney informed students that Canvas was unavailable and acknowledged that the outage was affecting nearly 9,000 institutions worldwide. Other Australian institutions, including the University of Technology Sydney and Griffith University, either suspended access to the platform or advised students to remain alert for phishing attempts and scam emails. ABC Australia said students across multiple institutions received threatening ransom messages linked to the hackers.
Across North America, universities rushed to delay examinations and implement emergency contingency measures. Mississippi State University postponed final exams, while Idaho State University canceled assessments scheduled later in the day after students lost access to coursework and digital submissions. The cyberattack disrupted thousands of schools during one of the busiest academic periods of the year.
The University of British Columbia in Vancouver advised students to immediately log out of Canvas after reports emerged that the platform’s parent company had suffered a cyber breach. Similar warnings were issued at the University of Toronto, UCLA, Duke University and several Ivy League campuses, many of which experienced outages or suspicious login page activity linked to the attack.
The crisis escalated after screenshots surfaced online showing ransom messages allegedly posted by ShinyHunters. The hackers claimed they had obtained data connected to approximately 275 million users across thousands of schools and universities. Their message threatened to leak schools’ data unless institutions privately negotiated settlements before a stated deadline of May 12.
Students who attempted to access Canvas reported being redirected to threatening messages instead of their coursework dashboards. Some said they initially believed the alerts were scams before universities began issuing emergency notices acknowledging the incident.
Northwestern University graduate student Jacques Abou-Rizk described fears over both academic disruption and the possibility that private personal information could eventually be leaked online.
Cybersecurity analysts say the breach highlights the growing dangers posed by centralized digital infrastructure in modern education systems. Canvas is deeply embedded in academic life across much of the Western world, handling assignments, grading systems, faculty communications, exams and student records for millions of users.
Experts warned that the concentration of educational data within a single platform may have amplified the scale of the crisis. Threat analysts said attackers appeared to exploit weaknesses connected to cloud authentication systems and third-party integrations rather than directly targeting individual schools. The incident has renewed debate around digital resilience and the vulnerability of global education systems.
According to cybersecurity reporting, the compromised data may include names, email addresses, student identification numbers and private messages exchanged between students and faculty. While Instructure stated there was no evidence that passwords, financial records or government identifiers had been stolen, analysts warned the personal information leaked could still fuel large-scale phishing operations and identity fraud campaigns in the future.
The breach has reignited debate over the vulnerability of Western educational infrastructure to sophisticated cyberattacks. Critics argue universities have become increasingly dependent on centralized commercial platforms without sufficiently investing in cyber resilience or decentralized backup systems.
The incident also comes amid rising AI surveillance and cyber warfare threats, with governments facing mounting pressure to defend public institutions from rapidly evolving digital attacks. Analysts say the attack demonstrates how cyber warfare tactics are increasingly targeting civilian infrastructure and educational institutions.
At the same time, concerns are growing over the expanding role of artificial intelligence in sophisticated cyberattacks, phishing operations and automated credential theft systems. Security experts say AI-enhanced hacking campaigns are becoming more difficult to detect and contain.
Cybersecurity researchers believe extortion discussions may still be ongoing behind the scenes. Luke Connolly, a threat analyst cited by multiple media outlets, said screenshots indicated the attackers had been issuing deadlines and negotiating windows since earlier in the week.
ShinyHunters has previously been linked to several major global breaches involving corporations, cloud services and technology firms. Security analysts say the group increasingly relies on social engineering, credential theft and identity-based attacks rather than traditional malware alone. Growing concerns over AI-driven cybersecurity defenses have now intensified following the attack.
The scale of the breach has already drawn comparisons to some of the largest education-sector hacks ever recorded. Analysts warned that millions of students could remain vulnerable for months if exposed information is later used in phishing campaigns impersonating universities, financial aid offices or academic administrators.
Several experts also warned the incident exposed severe weaknesses in global security infrastructure, particularly around cloud-based educational systems that store sensitive student and faculty records in centralized databases.
Some universities have already disconnected Canvas from internal systems as a precautionary measure, while others are preparing alternative exam schedules and manual grading systems in case disruptions continue into next week.
Although Instructure said late Thursday that Canvas services had been restored for “most users,” institutions across several countries continued reporting outages and login failures on Friday. Many students remained unable to access lecture materials, assignment portals or archived coursework as uncertainty spread through campuses worldwide.
The incident has exposed the fragile dependence of modern education systems on centralized cloud infrastructure at a time when cybercrime groups are becoming increasingly organized, aggressive and technologically advanced. For millions of students preparing for graduation, final assessments or critical academic deadlines, the consequences have already become deeply personal.
As investigations continue, universities and governments now face difficult questions about whether existing digital defenses are capable of protecting the vast educational ecosystems that modern societies increasingly rely upon. Experts speaking to Inside Higher Ed warned the attack on a major higher education vendor could become a defining cybersecurity event for universities worldwide.
