{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreig5c6ydqhz3snnplkltiaeppgvh7tmtb2gzrc24jecxfql4s5uvku",
"uri": "at://did:plc:awj2q63kg2v3k5xwsjh2uoe3/app.bsky.feed.post/3mlgskteiuoa2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreihg4krm4sxb4accoxqvzaocze2756xd53kyb5coi2lzwzxm2nsztq"
},
"mimeType": "image/jpeg",
"size": 347677
},
"description": "Canvas, software used by thousands of schools in the U.S., has been hacked and the private data of staff and students stolen.",
"path": "/news/2026/05/09/canvas-system-used-by-over-40-of-us-schools-breached/",
"publishedAt": "2026-05-09T17:49:06.000Z",
"site": "https://www.privacyguides.org",
"tags": [
"hacked",
"CNN",
"Free-for-Teachers",
"software"
],
"textContent": "Canvas, software used by thousands of schools in the U.S., has been hacked and the private data of staff and students stolen.\n\nA hacker group called ShinyHunters claims credit for the hack.\n\nLarge educational institutions like Columbia, Princeton, Harvard, and Georgetown were met with ransom notes on the homepage of their Canvas sites.\n\nInstructure, the company behind Canvas, received a ransom note from the group saying that data on millions of users including students, teachers, and staff would be leaked if they didn’t pay up.\n\nAn unnamed source told CNN that the FBI has deployed resources to help institutions deal with the situation.\n\nAs if the data breach itself wasn’t enough, the FBI also warned of scammers contacting those affected claiming to have their data.\n\nAccording to the same CNN article, Instructure says Canvas is “fully calm online and available for use” Friday.\n\nData obtained by the hackers included 275 million users’ users names, email addresses, student ID numbers, and billions of private messages.\n\nApparently, the threat actors had exploited an issue with Instructure’s Free-for-Teachers accounts. Instructure has temporarily disabled this feature in light of the hack.\n\nAs you can imagine, the hack has caused a huge disruption to educational institutions that are already spread thin as it is. Exams had to be cancelled as teachers waited for a fix.\n\nCentralized cloud platforms like Canvas create a central point of failure where all of their customers data and the functionality of their software relies on Instructure being up and running.\n\nIt also creates a massive central pool of data that makes a very attractive target for hackers.\n\nAs school rely more and more on complex centralized software for their functions and as surveillance on students becomes more and more common, the risks of data breaches will continue to grow.\n\nSchools for years now have been using software to collect and monitor keystrokes, communications, photos, and much more. Sensitive data collected by the software can include private communications, passwords, and sensitive images.\n\nSuch software doesn’t protect students and simply creates a bigger target for hackers.\n\nSchools have a duty to protect the data of their students, but they’re floundering at the first hurdle.\n\nIf you’re a student, it’s always a good idea to practice separation between school activities and personal ones. If you have a school-issued device, don’t use it for anything not school related. If you’re forced to install invasive software on a personal device, have one dedicated to school activities and one for personal use.",
"title": "Canvas System Used by Over 40% of US Schools Breached",
"updatedAt": "2026-05-09T17:49:06.263Z"
}