{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreia3povebmzhmp6x2hzcdsq75pzi7ohj3qdmev75lljiu7wip3kbju",
"uri": "at://did:plc:3mf3ql5qtnfwownblde4355r/app.bsky.feed.post/3mlch4nclsr42"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreieton2nrukqro5g5odx3zbbrrcgy5abn5pvjgn4sqktujzfmothve"
},
"mimeType": "image/webp",
"size": 60984
},
"description": "Instructure took the learning platform offline Thursday during a cybersecurity incident, disrupting exams, coursework and grading during finals week.",
"path": "/canvas-outage-instructure-cyber-incident/",
"publishedAt": "2026-05-08T00:13:42.000Z",
"site": "https://dysruptionhub.com",
"tags": [
"cybersecurity incident",
"status page",
"said Thursday",
"said Thursday evening",
"Inside Higher Ed",
"BleepingComputer",
"Bluesky",
"said Canvas sites",
"said earlier in the week",
"Infinite Campus",
"reported"
],
"textContent": "Education technology company Instructure took its Canvas learning management system offline Thursday during a cybersecurity incident, making the platform unavailable at schools nationwide and disrupting exams, coursework and grading during finals week.\n\nThe outage escalated an incident that schools had been warning about for several days as a data-security matter. Earlier campus notices focused on exposed Canvas user information, including names, email addresses, student ID numbers and messages. By Thursday, students and faculty were losing access to the course sites themselves.\n\nInstructure’s status page said Canvas, Canvas Beta and Canvas Test were placed in maintenance mode on May 7, 2026. (Instructure)\n\nCanvas is widely used by K-12 schools, colleges and universities to post assignments, quizzes, grades, course materials and messages.\n\nSt. Petersburg College said Thursday that Instructure had temporarily taken Canvas offline “for all institutions” while responding to the cybersecurity incident. The college said it first received notice May 4 of a recent data breach affecting colleges, universities and other organizations.\n\nBaylor University said Thursday evening that Canvas was unavailable universitywide and described the outage as a nationwide issue. The university said several institutions had reported that Canvas access was blocked by a ransom notice and that Instructure took the platform offline in response.\n\nThe outage followed a new ShinyHunters message that appeared on Canvas login pages Thursday, according to Inside Higher Ed and BleepingComputer. The group claimed it had breached Instructure “again,” accused the company of applying security patches instead of negotiating and set a May 12 deadline for affected schools to contact it before data would allegedly be leaked. DysruptionHub could not independently confirm the group’s claim, and Instructure had not publicly confirmed a second breach.\n\nA ShinyHunters extortion message that appeared on Canvas login pages on May 7 claimed the group had breached Instructure “again” and set a May 12 deadline before school data would allegedly be leaked. (Screenshot by Katy Pearce via Bluesky)\n\nJames Madison University said Canvas sites at universities worldwide, including JMU, were down “in response to a security breach.” The university delayed Friday morning exams and told faculty to prepare for exams and grading without Canvas access.\n\nThe reports helped explain the shift in campus alerts Thursday. From at least May 4 through May 6, many schools treated the incident as a vendor data breach and phishing risk. On May 7, they began issuing outage alerts as Canvas became unavailable during exams, grading and end-of-term coursework.\n\nThe University of Texas at Austin had said earlier in the week that it was aware of a vendor security incident affecting Instructure but that Canvas continued to operate normally at the time. Rutgers University said Instructure notified it of a widespread data breach involving thousands of institutions.\n\n****Chip in once****\nIf this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.\n\nTip us\n\n****Support us monthly****\nA small monthly pledge keeps independent coverage and our reader tools online for everyone.\n\nBecome a Supporter\n\nInstructure is based in Salt Lake City and provides education technology for K-12 schools, colleges and universities. Canvas is one of its core products, used to manage course materials, assignments, quizzes, grades and messages.\n\nThe outage is one of the more visible recent examples of an education technology vendor incident becoming a direct school disruption. A 2022 ransomware attack on Finalsite knocked thousands of school websites offline, while later incidents involving PowerSchool, Illuminate Education and Infinite Campus focused more heavily on student data exposure or narrower service interruptions. Canvas was different because schools reported losing access to a core classroom platform during exams, grading and end-of-term coursework.\n\nThe Verge reported that the extortion group ShinyHunters threatened to leak school data and claimed access to information from more than 9,000 schools and about 275 million people. DysruptionHub could not independently confirm the group’s claim, and schools’ public notices did not confirm a threat actor.\n\nOfficials have not publicly established a full restoration timeline, the number of affected U.S. institutions, the full scope of exposed data or whether a ransom demand was made directly to Instructure or individual schools.\n\nA request for comment sent to Instructure late Thursday was not immediately returned.\n\nAs of Thursday evening, schools were warning users not to interact with suspicious Canvas messages, adjusting exams and grading plans, and waiting for further restoration updates from Instructure.\n\n****Attribution note:**** DysruptionHub credits upstream reporting and primary sources—see citations above. If this report informed your coverage, please cite DysruptionHub with a link.",
"title": "Canvas outage disrupts schools nationwide after breach notices",
"updatedAt": "2026-05-08T11:54:01.853Z"
}